SUSE-SU-2024:4177-1 Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059141 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553...

CVE-2024-36904

A use-after-free flaw was found in the Linux kernel’s TCP protocol in how a local user triggers a complex race condition during connection to the socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is either n...

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. Anderson Nascimento reported a use-after-free splat in tcptwskunique with nice analysis. Since commit ec94c2696f0b "tcp/dccp: avoid one atomic operation for timewait hashdance",...

CVE-2024-36904 tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. Anderson Nascimento reported a use-after-free splat in tcptwskunique with nice analysis. Since commit ec94c2696f0b "tcp/dccp: avoid one atomic operation for timewait hashdance",...