GoogleOSV:SUSE-SU-2024:3249-1Security update for the Linux Kernel
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002).
References
bugzilla.suse.com/1176447
bugzilla.suse.com/1195668
bugzilla.suse.com/1195928
bugzilla.suse.com/1195957
bugzilla.suse.com/1196018
bugzilla.suse.com/1196516
bugzilla.suse.com/1196823
bugzilla.suse.com/1202346
bugzilla.suse.com/1209636
bugzilla.suse.com/1209799
bugzilla.suse.com/1210629
bugzilla.suse.com/1216834
bugzilla.suse.com/1220185
bugzilla.suse.com/1220186
bugzilla.suse.com/1222251
bugzilla.suse.com/1222728
bugzilla.suse.com/1223948
bugzilla.suse.com/1225109
bugzilla.suse.com/1225584
bugzilla.suse.com/1227832
bugzilla.suse.com/1227924
bugzilla.suse.com/1227928
bugzilla.suse.com/1227932
bugzilla.suse.com/1227935
bugzilla.suse.com/1227941
bugzilla.suse.com/1227942
bugzilla.suse.com/1227945
bugzilla.suse.com/1227952
bugzilla.suse.com/1227964
bugzilla.suse.com/1227969
bugzilla.suse.com/1227985
bugzilla.suse.com/1227987
bugzilla.suse.com/1227988
bugzilla.suse.com/1227989
bugzilla.suse.com/1227997
bugzilla.suse.com/1228000
bugzilla.suse.com/1228002
bugzilla.suse.com/1228004
bugzilla.suse.com/1228005
bugzilla.suse.com/1228006
bugzilla.suse.com/1228015
bugzilla.suse.com/1228020
bugzilla.suse.com/1228037
bugzilla.suse.com/1228045
bugzilla.suse.com/1228060
bugzilla.suse.com/1228062
bugzilla.suse.com/1228066
bugzilla.suse.com/1228114
bugzilla.suse.com/1228516
bugzilla.suse.com/1228576
bugzilla.suse.com/1228959
bugzilla.suse.com/1229400
bugzilla.suse.com/1229454
bugzilla.suse.com/1229500
bugzilla.suse.com/1229503
bugzilla.suse.com/1229510
bugzilla.suse.com/1229512
bugzilla.suse.com/1229598
bugzilla.suse.com/1229604
bugzilla.suse.com/1229607
bugzilla.suse.com/1229620
bugzilla.suse.com/1229621
bugzilla.suse.com/1229624
bugzilla.suse.com/1229626
bugzilla.suse.com/1229629
bugzilla.suse.com/1229630
bugzilla.suse.com/1229637
bugzilla.suse.com/1229641
bugzilla.suse.com/1229657
bugzilla.suse.com/1229707
www.suse.com/security/cve/CVE-2021-4441
www.suse.com/security/cve/CVE-2022-0854
www.suse.com/security/cve/CVE-2022-20368
www.suse.com/security/cve/CVE-2022-28748
www.suse.com/security/cve/CVE-2022-2964
www.suse.com/security/cve/CVE-2022-48686
www.suse.com/security/cve/CVE-2022-48775
www.suse.com/security/cve/CVE-2022-48778
www.suse.com/security/cve/CVE-2022-48787
www.suse.com/security/cve/CVE-2022-48788
www.suse.com/security/cve/CVE-2022-48789
www.suse.com/security/cve/CVE-2022-48790
www.suse.com/security/cve/CVE-2022-48791
www.suse.com/security/cve/CVE-2022-48798
www.suse.com/security/cve/CVE-2022-48802
www.suse.com/security/cve/CVE-2022-48805
www.suse.com/security/cve/CVE-2022-48811
www.suse.com/security/cve/CVE-2022-48823
www.suse.com/security/cve/CVE-2022-48824
www.suse.com/security/cve/CVE-2022-48827
www.suse.com/security/cve/CVE-2022-48834
www.suse.com/security/cve/CVE-2022-48835
www.suse.com/security/cve/CVE-2022-48836
www.suse.com/security/cve/CVE-2022-48837
www.suse.com/security/cve/CVE-2022-48838
www.suse.com/security/cve/CVE-2022-48839
www.suse.com/security/cve/CVE-2022-48843
www.suse.com/security/cve/CVE-2022-48851
www.suse.com/security/cve/CVE-2022-48853
www.suse.com/security/cve/CVE-2022-48856
www.suse.com/security/cve/CVE-2022-48857
www.suse.com/security/cve/CVE-2022-48858
www.suse.com/security/cve/CVE-2022-48872
www.suse.com/security/cve/CVE-2022-48873
www.suse.com/security/cve/CVE-2022-48901
www.suse.com/security/cve/CVE-2022-48905
www.suse.com/security/cve/CVE-2022-48912
www.suse.com/security/cve/CVE-2022-48917
www.suse.com/security/cve/CVE-2022-48919
www.suse.com/security/cve/CVE-2022-48925
www.suse.com/security/cve/CVE-2022-48926
www.suse.com/security/cve/CVE-2022-48928
www.suse.com/security/cve/CVE-2022-48930
www.suse.com/security/cve/CVE-2022-48933
www.suse.com/security/cve/CVE-2022-48934
www.suse.com/security/cve/CVE-2023-1582
www.suse.com/security/cve/CVE-2023-2176
www.suse.com/security/cve/CVE-2023-52854
www.suse.com/security/cve/CVE-2024-26583
www.suse.com/security/cve/CVE-2024-26584
www.suse.com/security/cve/CVE-2024-26800
www.suse.com/security/cve/CVE-2024-40910
www.suse.com/security/cve/CVE-2024-41009
www.suse.com/security/cve/CVE-2024-41011
www.suse.com/security/cve/CVE-2024-41062
www.suse.com/security/cve/CVE-2024-42077
www.suse.com/security/cve/CVE-2024-42232
www.suse.com/security/cve/CVE-2024-42271
www.suse.com/security/cve/CVE-2024-43861
www.suse.com/security/cve/CVE-2024-43882
www.suse.com/security/cve/CVE-2024-43883
www.suse.com/security/cve/CVE-2024-44947
www.suse.com/support/update/announcement/2024/suse-su-20243249-1/
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High