osv | Google | OSV:SUSE-SU-2024:2561-1
History: Jul 18, 2024 - 2:04 p.m.

Security update for the Linux Kernel

2024-07-18 14:04:33
Google
osv.dev
Tags: suse linux enterprise, kernel, security update, cves, bluetooth, usb, network, kvm, drm, fix, vulnerability, patch, linux, bugfixes

CVSS2: 9

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 9.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 8.9 (Confidence: High)

EPSS: 0.009 (Percentile: 83.5%)

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
  • CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
  • CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
  • CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866).
  • CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
  • CVE-2021-47267: usb: fix various gadget panics on 10gbps cabling (bsc#1224993).
  • CVE-2021-47270: usb: fix various gadgets null ptr deref on 10gbps cabling (bsc#1224997).
  • CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
  • CVE-2021-47293: net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1224978).
  • CVE-2021-47294: netrom: Decrease sock refcount when sock timers expire (bsc#1224977).
  • CVE-2021-47297: net: fix uninit-value in caif_seqpkt_sendmsg (bsc#1224976).
  • CVE-2021-47309: net: validate lwtstate->data before returning from skb_tunnel_info() (bsc#1224967).
  • CVE-2021-47328: blacklist.conf: bsc#1225047 CVE-2021-47328: breaks kABI Also, does not apply.
  • CVE-2021-47354: drm/sched: Avoid data corruptions (bsc#1225140)
  • CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
  • CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
  • CVE-2021-47407: KVM: x86: Handle SRCU initialization failure during page track init (bsc#1225306).
  • CVE-2021-47418: net_sched: fix NULL deref in fifo_set_limit() (bsc#1225337).
  • CVE-2021-47434: xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1225232).
  • CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
  • CVE-2021-47445: drm/msm: Fix null pointer dereference on pointer edp (bsc#1225261)
  • CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
  • CVE-2021-47518: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (bsc#1225372).
  • CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
  • CVE-2021-47544: tcp: fix page frag corruption on page fault (bsc#1225463).
  • CVE-2021-47547: net: tulip: de4x5: fix the problem that the array ‘lp->phy’ may be out of bound (bsc#1225505).
  • CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
  • CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
  • CVE-2021-47587: net: systemport: Add global locking for descriptor lifecycle (bsc#1226567).
  • CVE-2021-47602: mac80211: track only QoS data frames for admission control (bsc#1226554).
  • CVE-2021-47609: firmware: arm_scpi: Fix string overflow in SCPI genpd driver (bsc#1226562)
  • CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking (bsc#1226716)
  • CVE-2022-48733: btrfs: fix use-after-free after failure to create a snapshot (bsc#1226718).
  • CVE-2022-48740: selinux: fix double free of cond_list on error paths (bsc#1226699).
  • CVE-2022-48743: net: amd-xgbe: Fix skb data length underflow (bsc#1226705).
  • CVE-2022-48756: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (bsc#1226698)
  • CVE-2022-48759: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (bsc#1226711).
  • CVE-2022-48761: usb: xhci-plat: fix crash when suspend if remote wake enable (bsc#1226701).
  • CVE-2022-48772: media: lgdt3306a: Add a check against null-pointer-def (bsc#1226976).
  • CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
  • CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
  • CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
  • CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
  • CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
  • CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
  • CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
  • CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
  • CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
  • CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
  • CVE-2023-52754: media: imon: fix access to invalid resource for the second interface (bsc#1225490).
  • CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
  • CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
  • CVE-2023-52764: media: gspca: cpia1: shift-out-of-bounds in set_flicker (bsc#1225571).
  • CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
  • CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
  • CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
  • CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
  • CVE-2023-52832: wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (bsc#1225577).
  • CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
  • CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
  • CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
  • CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
  • CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (bsc#1225583).
  • CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
  • CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
  • CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
  • CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
  • CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
  • CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
  • CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
  • CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
  • CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
  • CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
  • CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
  • CVE-2024-26894: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (bsc#1223043).
  • CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
  • CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
  • CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
  • CVE-2024-27399: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (bsc#1224177).
  • CVE-2024-27410: Reject iftype change with mesh ID change (bsc#1224432).
  • CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
  • CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
  • CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
  • CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
  • CVE-2024-35822: usb: udc: remove warning when queue disabled ep (bsc#1224739).
  • CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
  • CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
  • CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
  • CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
  • CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
  • CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
  • CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
  • CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
  • CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
  • CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
  • CVE-2024-35922: fbmon: prevent division by zero in fb_videomode_from_videomode() (bsc#1224660)
  • CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
  • CVE-2024-35930: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1224651).
  • CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
  • CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
  • CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
  • CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
  • CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
  • CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
  • CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
  • CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
  • CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
  • CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
  • CVE-2024-36016: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (bsc#1225642).
  • CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
  • CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
  • CVE-2024-36952: scsi: lpfc: Move NPIV’s transport unregistration to after resource clean up (bsc#1225898).
  • CVE-2024-36880: Bluetooth: qca: add missing firmware sanity checks (bsc#1225722).
  • CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
  • CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
  • CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
  • CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
  • CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
  • CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
  • CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
  • CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
  • CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
  • CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
  • CVE-2024-36950: firewire: ohci: mask bus reset interrupts between ISR and bottom half (bsc#1225895).
  • CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events (bsc#1225872)
  • CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
  • CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
  • CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
  • CVE-2024-38544: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (bsc#1226597)
  • CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
  • CVE-2024-38546: drm: vc4: Fix possible null pointer dereference (bsc#1226593).
  • CVE-2024-38549: drm/mediatek: Add 0 size check to mtk_drm_gem_obj (bsc#1226735)
  • CVE-2024-38552: drm/amd/display: Fix potential index out of bounds in color (bsc#1226767)
  • CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
  • CVE-2024-38565: wifi: ar5523: enable proper endpoint verification (bsc#1226747).
  • CVE-2024-38567: wifi: carl9170: add a proper sanity check for endpoints (bsc#1226769).
  • CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
  • CVE-2024-38579: crypto: bcm - Fix pointer arithmetic (bsc#1226637).
  • CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
  • CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
  • CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
  • CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
  • CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
  • CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
  • CVE-2024-38621: media: stk1160: fix bounds checking in stk1160_copy_video() (bsc#1226895).
  • CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
  • CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
  • CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
  • CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
  • CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
  • CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)

The following non-security bugs were fixed:

  • Btrfs: bail out on error during replay_dir_deletes (git-fixes)
  • Btrfs: clean up resources during umount after trans is aborted (git-fixes)
  • Btrfs: fix NULL pointer dereference in log_dir_items (git-fixes)
  • Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() (git-fixes)
  • Btrfs: fix unexpected EEXIST from btrfs_get_extent (git-fixes)
  • Btrfs: send, fix issuing write op when processing hole in no data mode (git-fixes)
  • KVM: allow KVM_BUG/KVM_BUG_ON to handle 64-bit cond (git-fixes).
  • NFSv4: Always clear the pNFS layout when handling ESTALE (bsc#1221791).
  • NFSv4: nfs_set_open_stateid must not trigger state recovery for closed state (bsc#1221791).
  • PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).
  • PNFS for stateid errors retry against MDS first (bsc#1221791).
  • RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
  • Revert ‘build initrd without systemd’ (bsc#1195775)
  • SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
  • SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
  • USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
  • USB: serial: option: add Quectel EG912Y module support (git-fixes).
  • USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
  • arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
  • blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062 bsc#1225203).
  • blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes bsc#1225203).
  • blk-cgroup: support to track if policy is online (bsc#1216062 bsc#1225203).
  • bpf, scripts: Correct GPL license name (git-fixes).
  • bsc#1225894: Fix build warning Fix the following build warning. * unused-variable (i) in …/drivers/gpu/drm/amd/amdkfd/kfd_device.c in kgd2kfd_resume …/drivers/gpu/drm/amd/amdkfd/kfd_device.c: In function ‘kgd2kfd_resume’: …/drivers/gpu/drm/amd/amdkfd/kfd_device.c:621:11: warning: unused variable ‘i’ [-Wunused-variable]
  • btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (git-fixes)
  • btrfs: fix crash when trying to resume balance without the resume flag (git-fixes)
  • btrfs: fix describe_relocation when printing unknown flags (git-fixes)
  • btrfs: fix false EIO for missing device (git-fixes)
  • btrfs: tree-check: reduce stack consumption in check_dir_item (git-fixes)
  • btrfs: use correct compare function of dirty_metadata_bytes (git-fixes)
  • drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
  • drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
  • fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP (bsc#1225848).
  • fs: make fiemap work from compat_ioctl (bsc#1225848).
  • iommu/amd: Fix sysfs leak in iommu init (git-fixes).
  • iommu/vt-d: Allocate local memory for page request queue (git-fixes).
  • ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
  • kabi: blkcg_policy_data fix KABI (bsc#1216062 bsc#1225203).
  • kgdb: Add kgdb_has_hit_break function (git-fixes).
  • kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).
  • mkspec-dtb: add toplevel symlinks also on arm
  • net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).
  • net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
  • net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
  • nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
  • nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
  • nvmet: fix ns enable/disable possible hang (git-fixes).
  • ocfs2: adjust enabling place for la window (bsc#1219224).
  • ocfs2: fix sparse warnings (bsc#1219224).
  • ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
  • ocfs2: speed up chain-list searching (bsc#1219224).
  • powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
  • rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
  • rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
  • rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules. algif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
  • sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).
  • scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
  • scsi: 53c700: Check that command slot is not NULL (git-fixes).
  • scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
  • scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
  • scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
  • scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
  • scsi: core: Decrease scsi_device’s iorequest_cnt if dispatch failed (git-fixes).
  • scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
  • scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
  • scsi: csiostor: Avoid function pointer casts (git-fixes).
  • scsi: isci: Fix an error code problem in isci_io_request_build() (git-fixes).
  • scsi: iscsi: Add length check for nlattr payload (git-fixes).
  • scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
  • scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
  • scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
  • scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes).
  • scsi: libsas: Fix disk not being scanned in after being removed (git-fixes).
  • scsi: libsas: Introduce struct smp_disc_resp (git-fixes).
  • scsi: lpfc: Correct size for wqe for memset() (git-fixes).
  • scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (git-fixes).
  • scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
  • scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
  • scsi: mpt3sas: Fix in error path (git-fixes).
  • scsi: mpt3sas: Fix loop logic (git-fixes).
  • scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
  • scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
  • scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
  • scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
  • scsi: qedf: Fix NULL dereference in error handling (git-fixes).
  • scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
  • scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
  • scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
  • scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
  • scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
  • scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
  • scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
  • scsi: stex: Fix gcc 13 warnings (git-fixes).
  • scsi: target: core: Add TMF to tmr_list handling (bsc#1223018 CVE-26845).
  • sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
  • usb: port: Do not try to peer unused USB ports based on location (git-fixes).
  • usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
  • x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).
  • x86/boot/e820: Fix typo in e820.c comment (git-fixes).
  • x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
  • x86/fpu: Return proper error codes from user access functions (git-fixes).
  • x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
  • x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
  • x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
  • x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
  • x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
  • x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
  • x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
