SUSE-SU-2024:4100-1

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The Linux Enterprise 12 SP5 kernel turned LTSS (Extended Security)

The following security bugs were fixed:

• CVE-2021-46936: Fixed use-after-free in twtimerhandler() (bsc#1220439).
• CVE-2021-47163: kABI fix for tipc: wait and exit until all work queues are done (bsc#1221980).
• CVE-2021-47612: nfc: fix segfault in nfcgenldumpdevicesdone (bsc#1226585).
• CVE-2022-48809: net: fix a memleak when uncloning an skb dst and its metadata (bsc#1227947).
• CVE-2022-48951: ASoC: ops: Correct bounds check for second channel on SX controls (bsc#1231929).
• CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
• CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in grethinitrings() (bsc#1231889).
• CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
• CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisifemacrx() (bsc#1232286).
• CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
• CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
• CVE-2022-48971: Bluetooth: Fix not cleanup led when bt_init fails (bsc#1232037).
• CVE-2022-48972: mac802154: fix missing INITLISTHEAD in ieee802154ifadd() (bsc#1232025).
• CVE-2022-48973: gpio: amd8111: Fix PCI device reference count leak (bsc#1232039).
• CVE-2022-48978: HID: core: fix shift-out-of-bounds in hidreportraw_event (bsc#1232038).
• CVE-2022-48991: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (bsc#1232070).
• CVE-2022-48992: ASoC: soc-pcm: Add NULL check in BE reparenting (bsc#1232071).
• CVE-2022-49000: iommu/vt-d: Fix PCI device refcount leak in hasexternalpci() (bsc#1232123).
• CVE-2022-49002: iommu/vt-d: Fix PCI device refcount leak in dmardevscope_init() (bsc#1232133).
• CVE-2022-49010: hwmon: (coretemp) Check for null before removing sysfs attrs (bsc#1232172).
• CVE-2022-49011: hwmon: (coretemp) fix pci device refcount leak in nv1aramnew() (bsc#1232006).
• CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
• CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
• CVE-2022-49020: net/9p: Fix a potential socket leak in p9socketopen (bsc#1232175).
• CVE-2022-49021: net: phy: fix null-ptr-deref while probe() failed (bsc#1231939).
• CVE-2022-49026: e100: Fix possible use after free in e100xmitprepare (bsc#1231997).
• CVE-2022-49027: iavf: Fix error handling in iavfinitmodule() (bsc#1232007).
• CVE-2022-49028: ixgbevf: Fix resource leak in ixgbevfinitmodule() (bsc#1231996).
• CVE-2022-49029: hwmon: (ibmpex) Fix possible UAF when ibmpexregisterbmc() fails (bsc#1231995).
• CVE-2023-52898: xhci: Fix null pointer dereference when host dies (bsc#1229568).
• CVE-2023-52918: media: pci: cx23885: check cx23885vdevinit() return (bsc#1232047).
• CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
• CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
• CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MDSBCHANGE_PENDING (bsc#1227437).
• CVE-2024-40965: i2c: lpi2c: Avoid calling clkgetrate during transfer (bsc#1227885).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
• CVE-2024-42114: netlink: extend policy range validation (bsc#1228564 prerequisite).
• CVE-2024-42253: gpio: pca953x: fix pca953xirqbussyncunlock race (bsc#1229005 stable-fixes).
• CVE-2024-44931: gpio: prevent potential speculation leaks in gpiodeviceget_desc() (bsc#1229837 stable-fixes).
• CVE-2024-44958: sched/smt: Fix unbalance schedsmtpresent dec/inc (bsc#1230179).
• CVE-2024-46724: drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber (bsc#1230725).
• CVE-2024-46755: wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid() (bsc#1230802).
• CVE-2024-46802: drm/amd/display: added NULL check at start of dcvalidatestream (bsc#1231111).
• CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
• CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
• CVE-2024-46816: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks (bsc#1231197).
• CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
• CVE-2024-46826: ELF: fix kernel.randomizevaspace double read (bsc#1231115).
• CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
• CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
• CVE-2024-46841: btrfs: do not BUGON on ENOMEM from btrfslookupextentinfo() in walkdownproc() (bsc#1231094).
• CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
• CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
• CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
• CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
• CVE-2024-47684: tcp: check skb is non-NULL in tcprtodelta_us() (bsc#1231987).
• CVE-2024-47685: netfilter: nfrejectipv6: fix nfrejectip6tcphdrput() (bsc#1231998).
• CVE-2024-47697: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (bsc#1231858).
• CVE-2024-47698: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (bsc#1231859).
• CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
• CVE-2024-47707: ipv6: avoid possible NULL deref in rt6uncachedlistflushdev() (bsc#1231935).
• CVE-2024-47713: wifi: mac80211: use two-phase skb reclamation in ieee80211dostop() (bsc#1232016).
• CVE-2024-47735: RDMA/hns: Fix spinunlockirqrestore() called with IRQs enabled (bsc#1232111).
• CVE-2024-47737: nfsd: call cacheput if xdrreserve_space returns NULL (bsc#1232056).
• CVE-2024-47742: firmware_loader: Block path traversal (bsc#1232126).
• CVE-2024-47745: mm: split critical region in remapfilepages() and invoke LSMs in between (bsc#1232135).
• CVE-2024-49851: tpm: Clean up TPM space after command failure (bsc#1232134).
• CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
• CVE-2024-49881: ext4: update origpath in ext4find_extent() (bsc#1232201).
• CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
• CVE-2024-49883: ext4: aovid use-after-free in ext4extinsert_extent() (bsc#1232199).
• CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
• CVE-2024-49891: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1232218).
• CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
• CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
• CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
• CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
• CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
• CVE-2024-49936: net/xen-netback: prevent UAF in xenvifflushhash() (bsc#1232424).
• CVE-2024-49949: net: avoid potential underflow in qdiscpktlen_init() with UFO (bsc#1232160).
• CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
• CVE-2024-49959: jbd2: stop waiting for space when jbd2cleanupjournal_tail() returns error (bsc#1232149).
• CVE-2024-49962: ACPICA: check null return of ACPIALLOCATEZEROED() in acpidbconverttopackage() (bsc#1232314).
• CVE-2024-49966: ocfs2: cancel dqisyncwork before freeing oinfo (bsc#1232141).
• CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
• CVE-2024-49991: drm/amdkfd: amdkfdfreegtt_mem clear the correct pointer (bsc#1232282).
• CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
• CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
• CVE-2024-50006: ext4: fix idatasem unlock order in ext4indmigrate() (bsc#1232442).
• CVE-2024-50007: ALSA: asihpi: Fix potential OOB array access (bsc#1232394).
• CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
• CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
• CVE-2024-50035: ppp: fix pppasyncencode() illegal access (bsc#1232392).
• CVE-2024-50045: netfilter: brnetfilter: fix panic with metadatadst skb (bsc#1231903).
• CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
• CVE-2024-50058: serial: protect uartportdtrrts() in uartshutdown() too (bsc#1232285).

The following non-security bugs were fixed:

• arm64: esr: Define ESRELxEC_* constants as UL (git-fixes)
• arm64: probes: Fix simulateldr*literal() (git-fixes)
• arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
• arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
• bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
• drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
• drbd: Fix atomicity violation in drbduuidset_bm() (git-fixes).
• ext4: fix slab-use-after-free in ext4splitextent_at() (bsc#1232201)
• kernel-binary: generate and install compile_commands.json (bsc#1228971)
• net: usb: usbnet: fix name regression (get-fixes).
• nfs: fix memory leak in error path of nfs4doreclaim (git-fixes).
• nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
• x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).