SUSE-SU-2024:4082-1

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
• CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
• CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105setupdevlink_regions() (bsc#1231976).
• CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
• CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisifemacrx() (bsc#1232286).
• CVE-2022-48991: mm/khugepaged: fix collapseptemappedthp() to allow anonvma (bsc#1232070).
• CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
• CVE-2024-45013: nvme: move stopping keep-alive into nvmeuninitctrl() (bsc#1230442).
• CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
• CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
• CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdmafreedescriptor (bsc#1230715).
• CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
• CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
• CVE-2024-46815: drm/amd/display: Check numvalidsets before accessing readerwmsets (bsc#1231195).
• CVE-2024-46816: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks (bsc#1231197).
• CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
• CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
• CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
• CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in _genradixptr_alloc() (bsc#1231502).
• CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
• CVE-2024-47684: tcp: check skb is non-NULL in tcprtodelta_us() (bsc#1231987).
• CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
• CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
• CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
• CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
• CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
• CVE-2024-49936: net/xen-netback: prevent UAF in xenvifflushhash() (bsc#1232424).
• CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
• CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
• CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
• CVE-2024-49991: drm/amdkfd: amdkfdfreegtt_mem clear the correct pointer (bsc#1232282).
• CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
• CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).

The following non-security bugs were fixed:

• NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
• PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
• RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
• bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
• dnroute: set rt neigh to blackholenetdev instead of loopback_dev in ifdown (bsc#1216813).
• ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
• ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
• net: mana: Fix the extra HZ in manahwcsend_request (bsc#1232033).
• xfrm: set dst dev to blackholenetdev instead of loopbackdev in ifdown (bsc#1216813).