Lucene search

GoogleOSV:SUSE-SU-2024:2384-1

HistoryJul 10, 2024 - 12:03 p.m.

Security update for the Linux Kernel

2024-07-1012:03:43

Google

osv.dev

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

JSON

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev-&gt;mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).

The following non-security bugs were fixed:

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).

References

bugzilla.suse.com/1156395

bugzilla.suse.com/1171988

bugzilla.suse.com/1176447

bugzilla.suse.com/1176774

bugzilla.suse.com/1181147

bugzilla.suse.com/1191958

bugzilla.suse.com/1195065

bugzilla.suse.com/1195254

bugzilla.suse.com/1195798

bugzilla.suse.com/1202623

bugzilla.suse.com/1218148

bugzilla.suse.com/1219224

bugzilla.suse.com/1219633

bugzilla.suse.com/1222015

bugzilla.suse.com/1223011

bugzilla.suse.com/1224671

bugzilla.suse.com/1224703

bugzilla.suse.com/1224749

bugzilla.suse.com/1224764

bugzilla.suse.com/1224765

bugzilla.suse.com/1224766

bugzilla.suse.com/1224865

bugzilla.suse.com/1225010

bugzilla.suse.com/1225047

bugzilla.suse.com/1225109

bugzilla.suse.com/1225161

bugzilla.suse.com/1225184

bugzilla.suse.com/1225203

bugzilla.suse.com/1225487

bugzilla.suse.com/1225518

bugzilla.suse.com/1225611

bugzilla.suse.com/1225732

bugzilla.suse.com/1225749

bugzilla.suse.com/1225840

bugzilla.suse.com/1225866

bugzilla.suse.com/1226226

bugzilla.suse.com/1226537

bugzilla.suse.com/1226552

bugzilla.suse.com/1226554

bugzilla.suse.com/1226557

bugzilla.suse.com/1226558

bugzilla.suse.com/1226562

bugzilla.suse.com/1226563

bugzilla.suse.com/1226575

bugzilla.suse.com/1226583

bugzilla.suse.com/1226585

bugzilla.suse.com/1226587

bugzilla.suse.com/1226595

bugzilla.suse.com/1226614

bugzilla.suse.com/1226619

bugzilla.suse.com/1226621

bugzilla.suse.com/1226624

bugzilla.suse.com/1226643

bugzilla.suse.com/1226644

bugzilla.suse.com/1226645

bugzilla.suse.com/1226647

bugzilla.suse.com/1226650

bugzilla.suse.com/1226669

bugzilla.suse.com/1226670

bugzilla.suse.com/1226672

bugzilla.suse.com/1226674

bugzilla.suse.com/1226679

bugzilla.suse.com/1226686

bugzilla.suse.com/1226691

bugzilla.suse.com/1226692

bugzilla.suse.com/1226698

bugzilla.suse.com/1226703

bugzilla.suse.com/1226708

bugzilla.suse.com/1226709

bugzilla.suse.com/1226711

bugzilla.suse.com/1226712

bugzilla.suse.com/1226713

bugzilla.suse.com/1226715

bugzilla.suse.com/1226716

bugzilla.suse.com/1226720

bugzilla.suse.com/1226721

bugzilla.suse.com/1226732

bugzilla.suse.com/1226762

bugzilla.suse.com/1226785

bugzilla.suse.com/1226786

bugzilla.suse.com/1226962

www.suse.com/security/cve/CVE-2021-43389

www.suse.com/security/cve/CVE-2021-4439

www.suse.com/security/cve/CVE-2021-47247

www.suse.com/security/cve/CVE-2021-47311

www.suse.com/security/cve/CVE-2021-47328

www.suse.com/security/cve/CVE-2021-47368

www.suse.com/security/cve/CVE-2021-47372

www.suse.com/security/cve/CVE-2021-47379

www.suse.com/security/cve/CVE-2021-47571

www.suse.com/security/cve/CVE-2021-47576

www.suse.com/security/cve/CVE-2021-47583

www.suse.com/security/cve/CVE-2021-47589

www.suse.com/security/cve/CVE-2021-47595

www.suse.com/security/cve/CVE-2021-47596

www.suse.com/security/cve/CVE-2021-47600

www.suse.com/security/cve/CVE-2021-47602

www.suse.com/security/cve/CVE-2021-47609

www.suse.com/security/cve/CVE-2021-47611

www.suse.com/security/cve/CVE-2021-47612

www.suse.com/security/cve/CVE-2021-47617

www.suse.com/security/cve/CVE-2021-47618

www.suse.com/security/cve/CVE-2021-47619

www.suse.com/security/cve/CVE-2021-47620

www.suse.com/security/cve/CVE-2022-2938

www.suse.com/security/cve/CVE-2022-48711

www.suse.com/security/cve/CVE-2022-48715

www.suse.com/security/cve/CVE-2022-48717

www.suse.com/security/cve/CVE-2022-48722

www.suse.com/security/cve/CVE-2022-48724

www.suse.com/security/cve/CVE-2022-48726

www.suse.com/security/cve/CVE-2022-48728

www.suse.com/security/cve/CVE-2022-48730

www.suse.com/security/cve/CVE-2022-48732

www.suse.com/security/cve/CVE-2022-48736

www.suse.com/security/cve/CVE-2022-48737

www.suse.com/security/cve/CVE-2022-48738

www.suse.com/security/cve/CVE-2022-48746

www.suse.com/security/cve/CVE-2022-48747

www.suse.com/security/cve/CVE-2022-48748

www.suse.com/security/cve/CVE-2022-48749

www.suse.com/security/cve/CVE-2022-48752

www.suse.com/security/cve/CVE-2022-48754

www.suse.com/security/cve/CVE-2022-48756

www.suse.com/security/cve/CVE-2022-48758

www.suse.com/security/cve/CVE-2022-48759

www.suse.com/security/cve/CVE-2022-48760

www.suse.com/security/cve/CVE-2022-48767

www.suse.com/security/cve/CVE-2022-48768

www.suse.com/security/cve/CVE-2022-48771

www.suse.com/security/cve/CVE-2023-24023

www.suse.com/security/cve/CVE-2023-52707

www.suse.com/security/cve/CVE-2023-52752

www.suse.com/security/cve/CVE-2023-52881

www.suse.com/security/cve/CVE-2024-26822

www.suse.com/security/cve/CVE-2024-35789

www.suse.com/security/cve/CVE-2024-35861

www.suse.com/security/cve/CVE-2024-35862

www.suse.com/security/cve/CVE-2024-35864

www.suse.com/security/cve/CVE-2024-35878

www.suse.com/security/cve/CVE-2024-35950

www.suse.com/security/cve/CVE-2024-36894

www.suse.com/security/cve/CVE-2024-36904

www.suse.com/security/cve/CVE-2024-36940

www.suse.com/security/cve/CVE-2024-36964

www.suse.com/security/cve/CVE-2024-38541

www.suse.com/security/cve/CVE-2024-38545

www.suse.com/security/cve/CVE-2024-38559

www.suse.com/security/cve/CVE-2024-38560

www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

JSON

Related for OSV:SUSE-SU-2024:2384-1