SUSE-SU-2024:3806-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: - CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. - CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. - CVE-2024-35863: Fixed potentia...

CVE-2024-50086 ksmbd: fix user-after-free from session log off

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add sessionlock when setting SMB2SESSIONEXPIRED and...

CVE-2024-49931 wifi: ath12k: fix array out-of-bound access in SoC stats

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix array out-of-bound access in SoC stats Currently, the ath12ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRINGMAX. However, the ath12kdprxprocess function access...

UBUNTU-CVE-2024-47744

In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvmusagecount to avoid deadlock Use a dedicated mutex to guard kvmusagecount to fix a potential deadlock on x86 due to a chain of locks and SRCU synchronizations. Translating the below lockdep...

DEBIAN-CVE-2024-47680

In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fsbdevsupportdiscard shows, f2fs checks if the target block devices support discard by calling bdevmaxdiscardsectors and bdeviszoned. This check works we...

CVE-2024-47715 wifi: mt76: mt7915: fix oops on non-dbdc mt7986

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix oops on non-dbdc mt7986 mt7915bandconfig sets bandidx = 1 on the main phy for mt7986 with MT7975ONEADIE or MT7976ONEADIE. Commit 0335c034e726 "wifi: mt76: fix race condition related to checking tx queue fi...

DEBIAN-CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

A vulnerability was found in the icebridgesetlink function in the Linux kernel. A missing check to verify whether the nlmsgfindattr function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes...

AZL-49328 CVE-2024-46681 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpusreadlock in pgnetinit I have seen the WARNONsmpprocessorid != cpu firing in pktgenthreadworker during tests. We must use cpusreadlock/cpusreadunlock around the foreachonlinecpucpu loop. While we are at it use...

UBUNTU-CVE-2024-43834

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...

CVE-2024-42294 block: fix deadlock between sd_remove & sd_release

In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sdremove & sdrelease Our test report the following hung task: 2538.459400 INFO: task "kworker/0:0":7 blocked for more than 188 seconds. 2538.459427 Call trace: 2538.459430 switchto+0x174/0x338...

DEBIAN-CVE-2024-41021

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix VMFAULTHWPOISON handling in doexception There is no support for HWPOISON, MEMORYFAILURE, or ARCHHASCOPYMC on s390. Therefore we do not expect to see VMFAULTHWPOISON in doexception. However, since commit af19487f00f3...

AZL-47931 CVE-2024-39487 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

UBUNTU-CVE-2024-39474

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with GFPNOFAIL commit a421ef303008 "mm: allow !GFPKERNEL allocations for kvmalloc" includes support for GFPNOFAIL, but it presents a conflict with commit dd544141b9eb...

OESA-2024-1768 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hexdumptobuffer and stack address used in dump error output.CVE-2021-47381 In the Linux...

SUSE CVE-2024-39276

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mbcacheentry's erefcnt leak in ext4xattrblockcachefind Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mbcachedestroy+0x224/0x290 Modules...

UBUNTU-CVE-2024-39469

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfsemptydir misjudgment and long loop on I/O errors The error handling in nilfsemptydir when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or...

SUSE CVE-2022-48714

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VMMAP instead of VMALLOC for ringbuf After commit 2fd3fb0be1d1 "kasan, vmalloc: unpoison VMALLOC pages after mapping", non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enabled. But now the...

UBUNTU-CVE-2023-52883

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo-tbo.resource may be NULL in amdgpuvmboupdate...

UBUNTU-CVE-2024-38590

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error Too much print may lead to a panic in kernel. Change ibdeverr to ibdeverrratelimited, and change the printing level of cqe dump to debug level...