SUSE-SU-2024:3350-1 Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: - CVE-2024-40909: Fix a potential use-after-free in bpflinkfree bsc1228349. - CVE-2023-52846: Prevent use after free in prpcreatetaggedframe bsc1225099. - CVE-2024-26923: Fixed...

DEBIAN-CVE-2024-46678

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

SUSE-SU-2024:3037-1 Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122201 fixes several issues. The following security issues were fixed: - CVE-2021-47378: Fixed use-after-free by destroying cm id before destroying qp bsc1225202. - CVE-2024-27398: Fixed use-after-free bugs caused by scosocktimeout bsc1225013. -...

SUSE-SU-2024:2843-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: - CVE-2024-27398: Fixed use-after-free bug caused by scosocktimeout bsc1225013. - CVE-2024-35950: drm/client: Fully protect modes with dev-modeconfig.mutex bsc1225310. -...

SUSE CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2022-48830

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2022-48830 can: isotp: fix potential CAN frame reception race in isotp_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotprcv When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. Ziyang Xuan writes: The...

CVE-2024-40980

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980 drop_monitor: replace spin_lock by raw_spin_lock

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980

CVE-2024-40980 affects the Linux kernel where drop_monitor uses a spin_lock in trace_drop_common() executed with preemption disabled, problematic on RT kernels due to sleeping locks in atomic context. The vulnerability can lead to a crash (sleeping function called from invalid context) and potent...

CVE-2024-40980 drop_monitor: replace spin_lock by raw_spin_lock

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40980 drop_monitor: replace spin_lock by raw_spin_lock

In the Linux kernel, the following vulnerability has been resolved: dropmonitor: replace spinlock by rawspinlock tracedropcommon is called with preemption disabled, and it acquires a spinlock. This is problematic for RT kernels because spinlocks are sleeping locks in this configuration, which...

CVE-2024-40912 wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix deadlock in ieee80211stapsdeliverwakeup The ieee80211stapsdeliverwakeup function takes sta-pslock to synchronizes with ieee80211txhunicastpsbuf which is called from softirq context. However using only spinlock...

SUSE-SU-2024:2410-1 Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001352 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unixgc bsc1223683. - CVE-2024-26828: Fixed underflow in parseserverinterfaces bsc1223363...

CVE-2024-38780 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj Since commit a6aa8fca4d79 "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" by error replaced spinunlockirqrestore with spinunlockirq for both syncdebugfsshow and...

CVE-2021-47132

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix skforwardmemory corruption on retransmission MPTCP skforwardmemory handling is a bit special, as such field is protected by the msk socket spinlock, instead of the plain socket lock. Currently we have a code path...

CVE-2021-47132

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix skforwardmemory corruption on retransmission MPTCP skforwardmemory handling is a bit special, as such field is protected by the msk socket spinlock, instead of the plain socket lock. Currently we have a code path...

CVE-2021-46929 sctp: use call_rcu to free endpoint

In the Linux kernel, the following vulnerability has been resolved: sctp: use callrcu to free endpoint This patch is to delay the endpoint free by calling callrcu to fix another use-after-free issue in sctpsockdump: BUG: KASAN: use-after-free in lockacquire+0x36d9/0x4c20 Call Trace:...

GSD-2022-1001789 f2fs: use spin_lock to avoid hang

f2fs: use spinlock to avoid hang This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit 2eff60346e7ae1a24cd868b8fdcf58e946e7dde1. Fo...