[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2024:0468-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":189,"epss":9,"epss_history":190,"metrics":191,"affected":192},"SUSE-SU-2024:0468-1","Security update for the Linux Kernel\n\n\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).\n- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).\n- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).\n- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).\n- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).\n- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).\n- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).\n- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).\n- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).\n\nThe following non-security bugs were fixed:\n\n- 9p: missing chunk of 'fs/9p: Do not update file type when updating file attributes' (git-fixes).\n- ACPICA: Avoid cache flush inside virtual machines (git-fixes).\n- Fix build error in debug config\n- GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads (git-fixes).\n- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1219022).\n- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).\n- UAPI: ndctl: Fix g++-unsupported initialisation in headers (git-fixes).\n- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).\n- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).\n- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).\n- USB: serial: option: fix FM101R-GL defines (git-fixes).\n- acpi/nfit: Require opt-in for read-only label configurations (git-fixes).\n- acpi/nfit: improve bounds checking for 'func' (git-fixes).\n- affs: fix basic permission bits to actually work (git-fixes).\n- aio: fix mremap after fork null-deref (git-fixes).\n- asix: Add check for usbnet_get_endpoints (git-fixes).\n- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1219445).\n- chardev: fix error handling in cdev_device_add() (git-fixes).\n- configfs: fix a deadlock in configfs_symlink() (git-fixes).\n- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).\n- configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n- configfs: fix config_item refcnt leak in configfs_rmdir() (git-fixes).\n- configfs: fix memleak in configfs_release_bin_file (git-fixes).\n- configfs: new object reprsenting tree fragments (git-fixes).\n- configfs: provide exclusion between IO and removals (git-fixes).\n- configfs: stash the data we need into configfs_buffer at open time (git-fixes).\n- ext4: Avoid freeing inodes on dirty list (bsc#1216989).\n- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).\n- fat: add ratelimit to fat*_ent_bread() (git-fixes).\n- fs/exofs: fix potential memory leak in mount option parsing (git-fixes).\n- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (git-fixes).\n- fs/fat/file.c: issue flush after the writeback of FAT (git-fixes).\n- fs/file.c: initialize init_files.resize_wait (git-fixes).\n- fs: do not audit the capability check in simple_xattr_list() (git-fixes).\n- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).\n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (git-fixes).\n- fs: ratelimit __find_get_block_slow() failure message (git-fixes).\n- fs: warn about impending deprecation of mandatory locks (git-fixes).\n- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).\n- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).\n- gfs2: Do not call dlm after protocol is unmounted (git-fixes).\n- gfs2: Do not set GFS2_RDF_UPTODATE when the lvb is updated (git-fixes).\n- gfs2: Do not skip dlm unlock if glock had an lvb (git-fixes).\n- gfs2: Fix inode height consistency check (git-fixes).\n- gfs2: Fix lru_count going negative (git-fixes).\n- gfs2: Fix marking bitmaps non-full (git-fixes).\n- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).\n- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).\n- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).\n- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (git-fixes).\n- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).\n- gfs2: Special-case rindex for gfs2_grow (git-fixes).\n- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).\n- gfs2: add validation checks for size of superblock (git-fixes).\n- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).\n- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).\n- gfs2: check for live vs. read-only file system in gfs2_fitrim (git-fixes).\n- gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (git-fixes).\n- gfs2: fix use-after-free on transaction ail lists (git-fixes).\n- gfs2: ignore negated quota changes (git-fixes).\n- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).\n- gfs2: report 'already frozen/thawed' errors (git-fixes).\n- gfs2: take jdata unstuff into account in do_grow (git-fixes).\n- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache (git-fixes).\n- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).\n- help_next should increase position index (git-fixes).\n- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).\n- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).\n- kernfs: bring names in comments in line with code (git-fixes).\n- kernfs: fix use-after-free in __kernfs_remove (git-fixes).\n- libceph: use kernel_connect() (bsc#1219446).\n- libnvdimm/btt: Fix LBA masking during 'free list' population (git-fixes).\n- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).\n- libnvdimm/btt: Remove unnecessary code in btt_freelist_init (git-fixes).\n- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).\n- libnvdimm/namespace: Fix a potential NULL pointer dereference (git-fixes).\n- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).\n- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).\n- libnvdimm/pmem: fix a possible OOB access when read and write pmem (git-fixes).\n- libnvdimm/region: Fix label activation vs errors (git-fixes).\n- libnvdimm: Fix compilation warnings with W=1 (git-fixes).\n- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).\n- libnvdimm: Validate command family indices (git-fixes).\n- libnvdimm: cover up changes in struct nvdimm_bus_descriptor (git-fixes).\n- locks: print a warning when mount fails due to lack of 'mand' support (git-fixes).\n- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).\n- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).\n- mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG (git-fixes).\n- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).\n- mm,mremap: bail out earlier in mremap_to under map pressure (bsc#1123986).\n- net: (cpts) fix a missing check of clk_prepare (git-fixes).\n- net: dsa: bcm_sf2: Propagate error value from mdio_write (git-fixes).\n- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 (git-fixes).\n- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 (git-fixed).\n- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).\n- net: ethernet: ti: fix possible object reference leak (git-fixes).\n- net: fec: Do not use netdev messages too early (git-fixes).\n- net: ks8851: Delay requesting IRQ until opened (git-fixes).\n- net: ks8851: Reassert reset pin if chip ID check fails (git-fixes).\n- net: ks8851: Set initial carrier state to down (git-fixes).\n- net: macb: Add null check for PCLK and HCLK (git-fixed).\n- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).\n- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).\n- net: phylink: avoid resolving link state too early (git-fixes).\n- net: sfp: do not probe SFP module before we're attached (git-fixes).\n- net: stmmac: Disable EEE mode earlier in XMIT callback (git-fixes).\n- net: stmmac: Fallback to Platform Data clock in Watchdog conversion (git-fixes).\n- net: stmmac: do not overwrite discard_frame status (git-fixes).\n- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (git-fixes).\n- net: stmmac: dwmac1000: Clear unused address entries (git-fixed).\n- net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting (git-fixes).\n- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).\n- net: systemport: Fix reception of BPDUs (git-fixes).\n- net: xilinx: fix possible object reference leak (git-fixed).\n- nfs: NFS 4.0 LOCK calls getting constant NFS4ERR_BAD_SEQID (bsc#1218968).\n- nfsd: drop st_mutex and rp_mutex before calling move_to_close_lru() (bsc#1217525).\n- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).\n- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).\n- nvdimm: Fix badblocks clear off-by-one error (git-fixes).\n- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).\n- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).\n- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).\n- orangefs: fix orangefs df output (git-fixes).\n- orangefs: rate limit the client not running info message (git-fixes).\n- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).\n- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).\n- powerpc/pseries/memhotplug: Quieten some DLPAR operations (bsc#1065729).\n- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).\n- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1065729).\n- preserve KABI for struct plat_stmmacenet_data (git-fixes).\n- preserve KABI for struct sfp_socket_ops (git-fixes).\n- proc: fix /proc/*/map_files lookup (git-fixes).\n- pstore/ram: Check start of empty przs during init (git-fixes).\n- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).\n- pstore/ram: Run without kernel crash dump region (git-fixes).\n- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).\n- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).\n- reiserfs: Check the return value from __getblk() (git-fixes).\n- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).\n- s390/dasd: fix double module refcount decrement (bsc#1141539).\n- scsi: qedf: fc_rport_priv reference counting fixes (bsc#1212152). \n- scsi: qla0xxx: Fix system crash due to bad pointer access (git-fixes).\n- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).\n- statfs: enforce statfs[64] structure initialization (git-fixes).\n- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).\n- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).\n- veth: Fixing transmit return status for dropped packets (git-fixes).\n- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).\n- writeback: Export inode_io_list_del() (bsc#1216989). \n- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).\n- x86/alternatives: Sync core before enabling interrupts (git-fixes).\n- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).\n- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).\n- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).\n- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).\n- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).\n- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).\n- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).\n- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).\n- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).\n- x86/lib: Fix overflow when counting digits (git-fixes).\n- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).\n- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).\n- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).\n- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).\n- x86/pat: Fix x86_has_pat_wp() (git-fixes).\n- x86/pat: Pass valid address to sanitize_phys() (git-fixes).\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).\n- x86/pm: Fix false positive kmemleak report in msr_build_context() (git-fixes).\n- x86/purgatory: Do not generate debug info for purgatory.ro (git-fixes).\n- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).\n- x86/topology: Fix duplicated core ID within a package (git-fixes).\n- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).\n- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).\n- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).\n- x86: Clear .brk area at early boot (git-fixes).\n- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).\n- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).\n- x86: Mark stop_this_cpu() __noreturn (git-fixes).\n- x86: Pin task-stack in __get_wchan() (git-fixes).\n- x86: __always_inline __{rd,wr}msr() (git-fixes).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2021-33631",{"_key":17},"CVE-2023-46838",{"_key":19},"CVE-2023-47233",{"_key":21},"CVE-2023-51043",{"_key":23},"CVE-2023-51780",{"_key":25},"CVE-2023-51782",{"_key":27},"CVE-2023-6040",{"_key":29},"CVE-2024-0775",{"_key":31},"CVE-2024-1086",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2024-02-14T12:19:13Z","2026-02-04T02:33:36.362857Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,55,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,157,161,165,169,173,177,181,185],{"url":50,"sources":51,"tags":53},"https://www.suse.com/support/update/announcement/2024/suse-su-20240468-1/",[52],"osv_suse",[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/1065729",[52],[59],"REPORT",{"url":61,"sources":62,"tags":63},"https://bugzilla.suse.com/1108281",[52],[59],{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/1123986",[52],[59],{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/1141539",[52],[59],{"url":73,"sources":74,"tags":75},"https://bugzilla.suse.com/1181674",[52],[59],{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/1206889",[52],[59],{"url":81,"sources":82,"tags":83},"https://bugzilla.suse.com/1212152",[52],[59],{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/1216702",[52],[59],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1216989",[52],[59],{"url":93,"sources":94,"tags":95},"https://bugzilla.suse.com/1217525",[52],[59],{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1218713",[52],[59],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1218730",[52],[59],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com/1218752",[52],[59],{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1218757",[52],[59],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1218768",[52],[59],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1218836",[52],[59],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1218968",[52],[59],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1219022",[52],[59],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1219053",[52],[59],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1219120",[52],[59],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1219412",[52],[59],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1219434",[52],[59],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1219445",[52],[59],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1219446",[52],[59],{"url":153,"sources":154,"tags":155},"https://www.suse.com/security/cve/CVE-2021-33631",[52],[156],"WEB",{"url":158,"sources":159,"tags":160},"https://www.suse.com/security/cve/CVE-2023-46838",[52],[156],{"url":162,"sources":163,"tags":164},"https://www.suse.com/security/cve/CVE-2023-47233",[52],[156],{"url":166,"sources":167,"tags":168},"https://www.suse.com/security/cve/CVE-2023-51043",[52],[156],{"url":170,"sources":171,"tags":172},"https://www.suse.com/security/cve/CVE-2023-51780",[52],[156],{"url":174,"sources":175,"tags":176},"https://www.suse.com/security/cve/CVE-2023-51782",[52],[156],{"url":178,"sources":179,"tags":180},"https://www.suse.com/security/cve/CVE-2023-6040",[52],[156],{"url":182,"sources":183,"tags":184},"https://www.suse.com/security/cve/CVE-2024-0775",[52],[156],{"url":186,"sources":187,"tags":188},"https://www.suse.com/security/cve/CVE-2024-1086",[52],[156],[],[],[],[193,206,211,216],{"ecosystem":194,"name":195,"vendor":196,"product":197,"cpe_part":9,"purl_type":198,"purl_namespace":196,"purl_name":197,"source":9,"versions":199},"SUSE Linux Enterprise","kernel-rt_debug","suse","kernel-rt_debug&distro=SUSE Linux Enterprise Real Time 12 SP5","rpm",[200],{"version":201,"is_range":202,"range_type":203,"version_start":9,"version_start_type":9,"version_end":204,"version_end_type":205,"fixed_in":9},"lt4_12_14_10_162_1",true,"ecosystem","4.12.14-10.162.1","excluding",{"ecosystem":194,"name":207,"vendor":196,"product":208,"cpe_part":9,"purl_type":198,"purl_namespace":196,"purl_name":208,"source":9,"versions":209},"kernel-rt","kernel-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[210],{"version":201,"is_range":202,"range_type":203,"version_start":9,"version_start_type":9,"version_end":204,"version_end_type":205,"fixed_in":9},{"ecosystem":194,"name":212,"vendor":196,"product":213,"cpe_part":9,"purl_type":198,"purl_namespace":196,"purl_name":213,"source":9,"versions":214},"kernel-source-rt","kernel-source-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[215],{"version":201,"is_range":202,"range_type":203,"version_start":9,"version_start_type":9,"version_end":204,"version_end_type":205,"fixed_in":9},{"ecosystem":194,"name":217,"vendor":196,"product":218,"cpe_part":9,"purl_type":198,"purl_namespace":196,"purl_name":218,"source":9,"versions":219},"kernel-syms-rt","kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 12 SP5",[220],{"version":201,"is_range":202,"range_type":203,"version_start":9,"version_start_type":9,"version_end":204,"version_end_type":205,"fixed_in":9}]