Security update for the Linux Kernel
An update that solves 87 vulnerabilities and has 12 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places (bsc#1223824).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bounds bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2024-26642: Fixed handling of anonymous sets with the timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-1647=1
- SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-1647=1
- openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1647=1
- openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1647=1
- SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-1647=1
- SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-1647=1
Package List:
- SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  - kernel-source-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.4 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.4 (noarch)
  - kernel-source-rt-5.14.21-150400.15.79.1
- openSUSE Leap Micro 5.3 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- openSUSE Leap Micro 5.3 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- openSUSE Leap Micro 5.4 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- openSUSE Leap Micro 5.4 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  - kernel-source-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  - kernel-rt-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.3 (x86_64)
  - kernel-rt-debugsource-5.14.21-150400.15.79.1
  - kernel-rt-debuginfo-5.14.21-150400.15.79.1
- SUSE Linux Enterprise Micro 5.3 (noarch)
  - kernel-source-rt-5.14.21-150400.15.79.1