SUSE-SU-2024:3680-1 Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc122780...

SUSE-SU-2024:3655-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005531 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

SUSE-SU-2024:3643-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002492 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

SUSE-SU-2024:3638-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001321 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

SUSE-SU-2024:3631-1 Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001335 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

SUSE-SU-2024:3628-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. - CVE-2024-40954...

kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpiochrdevrelease, watchedlines is freed by bitmapfree, but the...

kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpiochrdevrelease, watchedlines is freed by bitmapfree, but the...

CVE-2023-52894 usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate In Google internal bug 265639009 we've received an as yet unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is...

CVE-2023-52894

CVE-2023-52894 affects the Linux kernel USB gadget f_ncm path, where a NULL cdev->gadget dereferences max_speed in ncm_bitrate() during SPEED_NOTIFY handling. The issue was observed on an aarch64 GKI 5.10.149-android13 crash (NULL pointer dereference at 0x5c) and is linked to ncm_do_notify() S...

DEBIAN-CVE-2024-38629

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of fileida fileida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to...

CVE-2024-38629 dmaengine: idxd: Avoid unnecessary destruction of file_ida

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of fileida fileida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to...

CVE-2024-38629 dmaengine: idxd: Avoid unnecessary destruction of file_ida

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of fileida fileida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to...

CVE-2024-38629

In CVE-2024-38629, the Linux kernel’s dmaengine: idxd driver had a use-after-free risk where ida_destroy(&file_ida) could run after file_ida was already destroyed during WQ cdev teardown, risking a kernel panic. The fix removes ida_destroy(&file_ida) since file_ida is allocated on cdev open and f...

CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

DEBIAN-CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

UBUNTU-CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

CVE-2022-48759

CVE-2022-48759 describes a race in the Linux kernel between releasing rpmsg_ctrldev and its associated cdev, potentially freeing rpmsg_ctrldev before the cdev is fully released. The issue affects rpmsg_ctrldev which includes a struct cdev; freeing the rpmsg_ctrldev via rpmsg_ctrldev_release_devic...

CVE-2022-48759 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...

CVE-2022-48759 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...