[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2024:0476-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":52,"duplicates":53,"related":54,"reserved_at":9,"published_at":74,"modified_at":75,"state":9,"summary":76,"references_raw":78,"kevs":304,"epss":9,"epss_history":305,"metrics":306,"affected":307},"SUSE-SU-2024:0476-1","Security update for the Linux Kernel\n\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).\n- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).\n- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).\n- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).\n- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).\n- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).\n- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).\n- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).\n- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).\n- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).\n- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).\n- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).\n- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).\n- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).\n- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).\n- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).\n- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).\n- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).\n\nThe following non-security bugs were fixed:\n\n- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).\n- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).\n- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).\n- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).\n- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).\n- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).\n- bcache: check return value from btree_node_alloc_replacement() (git-fixes).\n- bcache: fixup btree_cache_wait list damage (git-fixes).\n- bcache: fixup init dirty data errors (git-fixes).\n- bcache: fixup lock c->root error (git-fixes).\n- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).\n- bcache: prevent potential division by zero error (git-fixes).\n- bcache: remove redundant assignment to variable cur_idx (git-fixes).\n- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).\n- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).\n- block: Fix kabi header include (bsc#1218929).\n- block: free the extended dev_t minor later (bsc#1218930).\n- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).\n- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).\n- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).\n- dm cache: add cond_resched() to various workqueue loops (git-fixes).\n- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).\n- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).\n- dm crypt: avoid accessing uninitialized tasklet (git-fixes).\n- dm flakey: do not corrupt the zero page (git-fixes).\n- dm flakey: fix a crash with invalid table line (git-fixes).\n- dm flakey: fix logic when corrupting a bio (git-fixes).\n- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).\n- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).\n- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).\n- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).\n- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).\n- dm stats: check for and propagate alloc_percpu failure (git-fixes).\n- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).\n- dm thin metadata: check fail_io before using data_sm (git-fixes).\n- dm thin: add cond_resched() to various workqueue loops (git-fixes).\n- dm thin: fix deadlock when swapping to thin device (bsc#1177529).\n- dm verity: do not perform FEC for failed readahead IO (git-fixes).\n- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).\n- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).\n- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).\n- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).\n- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).\n- dm-verity: align struct dm_verity_fec_io properly (git-fixes).\n- dm: add cond_resched() to dm_wq_work() (git-fixes).\n- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).\n- dm: do not lock fs when the map is NULL in process of resume (git-fixes).\n- dm: remove flush_scheduled_work() during local_exit() (git-fixes).\n- dm: send just one event on resize, not two (git-fixes).\n- doc/README.KSYMS: Add to repo.\n- hv_netvsc: rndis_filter needs to select NLS (git-fixes).\n- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).\n- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).\n- kernel-source: Fix description typo\n- loop: suppress uevents while reconfiguring the device (git-fixes).\n- nbd: Fix debugfs_create_dir error checking (git-fixes).\n- nbd: fix incomplete validation of ioctl arg (git-fixes).\n- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).\n- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).\n- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).\n- null_blk: Always check queue mode setting from configfs (git-fixes).\n- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).\n- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).\n- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).\n- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).\n- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).\n- rbd: harden get_lock_owner_info() a bit (git-fixes).\n- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).\n- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).\n- rbd: move rbd_dev_refresh() definition (git-fixes).\n- rbd: prevent busy loop when requesting exclusive lock (git-fixes).\n- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).\n- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).\n- sched/isolation: add cpu_is_isolated() API (bsc#1217895).\n- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).\n- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).\n- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).\n- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50],{"_key":15},"CVE-2021-33631",{"_key":17},"CVE-2023-46838",{"_key":19},"CVE-2023-47233",{"_key":21},"CVE-2023-51042",{"_key":23},"CVE-2023-51043",{"_key":25},"CVE-2023-51780",{"_key":27},"CVE-2023-51782",{"_key":29},"CVE-2023-6040",{"_key":31},"CVE-2023-6356",{"_key":33},"CVE-2023-6535",{"_key":35},"CVE-2023-6536",{"_key":37},"CVE-2023-6915",{"_key":39},"CVE-2024-0340",{"_key":41},"CVE-2024-0565",{"_key":43},"CVE-2024-0641",{"_key":45},"CVE-2024-0775",{"_key":47},"CVE-2024-1085",{"_key":49},"CVE-2024-1086",{"_key":51},"CVE-2024-24860",[],[],[55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},"2024-02-14T18:35:28Z","2026-02-04T03:38:51.673441Z",{"cisa_kev":77,"cisa_ransomware":77,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[79,86,91,95,99,103,107,111,115,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223,227,232,236,240,244,248,252,256,260,264,268,272,276,280,284,288,292,296,300],{"url":80,"sources":81,"tags":84},"https://www.suse.com/support/update/announcement/2024/suse-su-20240476-1/",[82,83],"osv_suse","osv_opensuse",[85],"Advisory",{"url":87,"sources":88,"tags":89},"https://bugzilla.suse.com/1108281",[82,83],[90],"REPORT",{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1177529",[82,83],[90],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/1209834",[82,83],[90],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/1212091",[82,83],[90],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1215885",[82,83],[90],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/1216016",[82,83],[90],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/1216702",[82,83],[90],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/1217217",[82,83],[90],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/1217670",[82,83],[90],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/1217895",[82,83],[90],{"url":128,"sources":129,"tags":130},"https://bugzilla.suse.com/1217987",[82,83],[90],{"url":132,"sources":133,"tags":134},"https://bugzilla.suse.com/1217988",[82,83],[90],{"url":136,"sources":137,"tags":138},"https://bugzilla.suse.com/1217989",[82,83],[90],{"url":140,"sources":141,"tags":142},"https://bugzilla.suse.com/1218689",[82,83],[90],{"url":144,"sources":145,"tags":146},"https://bugzilla.suse.com/1218713",[82,83],[90],{"url":148,"sources":149,"tags":150},"https://bugzilla.suse.com/1218730",[82,83],[90],{"url":152,"sources":153,"tags":154},"https://bugzilla.suse.com/1218752",[82,83],[90],{"url":156,"sources":157,"tags":158},"https://bugzilla.suse.com/1218757",[82,83],[90],{"url":160,"sources":161,"tags":162},"https://bugzilla.suse.com/1218768",[82,83],[90],{"url":164,"sources":165,"tags":166},"https://bugzilla.suse.com/1218804",[82,83],[90],{"url":168,"sources":169,"tags":170},"https://bugzilla.suse.com/1218832",[82,83],[90],{"url":172,"sources":173,"tags":174},"https://bugzilla.suse.com/1218836",[82,83],[90],{"url":176,"sources":177,"tags":178},"https://bugzilla.suse.com/1218916",[82,83],[90],{"url":180,"sources":181,"tags":182},"https://bugzilla.suse.com/1218929",[82,83],[90],{"url":184,"sources":185,"tags":186},"https://bugzilla.suse.com/1218930",[82,83],[90],{"url":188,"sources":189,"tags":190},"https://bugzilla.suse.com/1218968",[82,83],[90],{"url":192,"sources":193,"tags":194},"https://bugzilla.suse.com/1219053",[82,83],[90],{"url":196,"sources":197,"tags":198},"https://bugzilla.suse.com/1219120",[82,83],[90],{"url":200,"sources":201,"tags":202},"https://bugzilla.suse.com/1219128",[82,83],[90],{"url":204,"sources":205,"tags":206},"https://bugzilla.suse.com/1219349",[82,83],[90],{"url":208,"sources":209,"tags":210},"https://bugzilla.suse.com/1219412",[82,83],[90],{"url":212,"sources":213,"tags":214},"https://bugzilla.suse.com/1219429",[82,83],[90],{"url":216,"sources":217,"tags":218},"https://bugzilla.suse.com/1219434",[82,83],[90],{"url":220,"sources":221,"tags":222},"https://bugzilla.suse.com/1219490",[82,83],[90],{"url":224,"sources":225,"tags":226},"https://bugzilla.suse.com/1219608",[82,83],[90],{"url":228,"sources":229,"tags":230},"https://www.suse.com/security/cve/CVE-2021-33631",[82,83],[231],"WEB",{"url":233,"sources":234,"tags":235},"https://www.suse.com/security/cve/CVE-2023-46838",[82,83],[231],{"url":237,"sources":238,"tags":239},"https://www.suse.com/security/cve/CVE-2023-47233",[82,83],[231],{"url":241,"sources":242,"tags":243},"https://www.suse.com/security/cve/CVE-2023-51042",[82,83],[231],{"url":245,"sources":246,"tags":247},"https://www.suse.com/security/cve/CVE-2023-51043",[82,83],[231],{"url":249,"sources":250,"tags":251},"https://www.suse.com/security/cve/CVE-2023-51780",[82,83],[231],{"url":253,"sources":254,"tags":255},"https://www.suse.com/security/cve/CVE-2023-51782",[82,83],[231],{"url":257,"sources":258,"tags":259},"https://www.suse.com/security/cve/CVE-2023-6040",[82,83],[231],{"url":261,"sources":262,"tags":263},"https://www.suse.com/security/cve/CVE-2023-6356",[82,83],[231],{"url":265,"sources":266,"tags":267},"https://www.suse.com/security/cve/CVE-2023-6535",[82,83],[231],{"url":269,"sources":270,"tags":271},"https://www.suse.com/security/cve/CVE-2023-6536",[82,83],[231],{"url":273,"sources":274,"tags":275},"https://www.suse.com/security/cve/CVE-2023-6915",[82,83],[231],{"url":277,"sources":278,"tags":279},"https://www.suse.com/security/cve/CVE-2024-0340",[82,83],[231],{"url":281,"sources":282,"tags":283},"https://www.suse.com/security/cve/CVE-2024-0565",[82,83],[231],{"url":285,"sources":286,"tags":287},"https://www.suse.com/security/cve/CVE-2024-0641",[82,83],[231],{"url":289,"sources":290,"tags":291},"https://www.suse.com/security/cve/CVE-2024-0775",[82,83],[231],{"url":293,"sources":294,"tags":295},"https://www.suse.com/security/cve/CVE-2024-1085",[82,83],[231],{"url":297,"sources":298,"tags":299},"https://www.suse.com/security/cve/CVE-2024-1086",[82,83],[231],{"url":301,"sources":302,"tags":303},"https://www.suse.com/security/cve/CVE-2024-24860",[82,83],[231],[],[],[],[308,321,325,334,338],{"ecosystem":309,"name":310,"vendor":311,"product":312,"cpe_part":9,"purl_type":313,"purl_namespace":311,"purl_name":312,"source":9,"versions":314},"openSUSE","kernel-rt","opensuse","kernel-rt&distro=openSUSE Leap Micro 5.3","rpm",[315],{"version":316,"is_range":317,"range_type":318,"version_start":9,"version_start_type":9,"version_end":319,"version_end_type":320,"fixed_in":9},"lt5_14_21_150400_15_68_1",true,"ecosystem","5.14.21-150400.15.68.1","excluding",{"ecosystem":309,"name":310,"vendor":311,"product":322,"cpe_part":9,"purl_type":313,"purl_namespace":311,"purl_name":322,"source":9,"versions":323},"kernel-rt&distro=openSUSE Leap Micro 5.4",[324],{"version":316,"is_range":317,"range_type":318,"version_start":9,"version_start_type":9,"version_end":319,"version_end_type":320,"fixed_in":9},{"ecosystem":326,"name":327,"vendor":328,"product":329,"cpe_part":9,"purl_type":313,"purl_namespace":328,"purl_name":329,"source":9,"versions":330},"SUSE Linux Enterprise","kernel-livepatch-SLE15-SP4-RT_Update_18","suse","kernel-livepatch-SLE15-SP4-RT_Update_18&distro=SUSE Linux Enterprise Live Patching 15 SP4",[331],{"version":332,"is_range":317,"range_type":318,"version_start":9,"version_start_type":9,"version_end":333,"version_end_type":320,"fixed_in":9},"lt1_150400_1_3_1","1-150400.1.3.1",{"ecosystem":326,"name":310,"vendor":328,"product":335,"cpe_part":9,"purl_type":313,"purl_namespace":328,"purl_name":335,"source":9,"versions":336},"kernel-rt&distro=SUSE Linux Enterprise Micro 5.3",[337],{"version":316,"is_range":317,"range_type":318,"version_start":9,"version_start_type":9,"version_end":319,"version_end_type":320,"fixed_in":9},{"ecosystem":326,"name":310,"vendor":328,"product":339,"cpe_part":9,"purl_type":313,"purl_namespace":328,"purl_name":339,"source":9,"versions":340},"kernel-rt&distro=SUSE Linux Enterprise Micro 5.4",[341],{"version":316,"is_range":317,"range_type":318,"version_start":9,"version_start_type":9,"version_end":319,"version_end_type":320,"fixed_in":9}]