SUSE-SU-2024:2893-1
Vulnerability Summary
Timeline
Description
Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - NFS: Clean up directory array handling (bsc#1226662). - NFS: Clean up nfs_readdir_page_filler() (bsc#1226662). - NFS: Clean up readdir struct nfs_cache_array (bsc#1226662). - NFS: Do not discard readdir results (bsc#1226662). - NFS: Do not overfill uncached readdir pages (bsc#1226662). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - NFS: Fix up directory verifier races (bsc#1226662). - NFS: Further optimisations for 'ls -l' (bsc#1226662). - NFS: More readdir cleanups (bsc#1226662). - NFS: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFS: Support larger readdir buffers (bsc#1226662). - NFS: Use the 64-bit server readdir cookies when possible (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - X.509: Fix the parser of extended key usage for length (bsc#1218820 bsc#1226666). - nfs: optimise readdir cache page invalidation (bsc#1226662). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487).
Affected Systems
- suse•kernel-rt&distro=SUSE Linux Enterprise Micro 5.1
< 5.3.18-150300.178.1
- suse•kernel-rt&distro=SUSE Linux Enterprise Micro 5.2
< 5.3.18-150300.178.1
- suse•kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.1
< 5.3.18-150300.178.1
- suse•kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2
< 5.3.18-150300.178.1
References (53)
- https://www.suse.com/support/update/announcement/2024/suse-su-20242893-1/
- https://bugzilla.suse.com/1216834
- https://bugzilla.suse.com/1218820
- https://bugzilla.suse.com/1220185
- https://bugzilla.suse.com/1220186
- https://bugzilla.suse.com/1221539
- https://bugzilla.suse.com/1222728
- https://bugzilla.suse.com/1222824
- https://bugzilla.suse.com/1223863
- https://bugzilla.suse.com/1224918
- https://bugzilla.suse.com/1225431
- https://bugzilla.suse.com/1226519
- https://bugzilla.suse.com/1226550
- https://bugzilla.suse.com/1226574
- https://bugzilla.suse.com/1226662
- https://bugzilla.suse.com/1226666
- https://bugzilla.suse.com/1227213
- https://bugzilla.suse.com/1227362
- https://bugzilla.suse.com/1227487
- https://bugzilla.suse.com/1227716
- https://bugzilla.suse.com/1227750
- https://bugzilla.suse.com/1227810
- https://bugzilla.suse.com/1227836
- https://bugzilla.suse.com/1227976
- https://bugzilla.suse.com/1228013
- https://bugzilla.suse.com/1228040
- https://bugzilla.suse.com/1228114
- https://bugzilla.suse.com/1228328
- https://bugzilla.suse.com/1228561
- https://bugzilla.suse.com/1228644
- https://bugzilla.suse.com/1228743
- https://www.suse.com/security/cve/CVE-2021-47126
- https://www.suse.com/security/cve/CVE-2021-47219
- https://www.suse.com/security/cve/CVE-2021-47291
- https://www.suse.com/security/cve/CVE-2021-47520
- https://www.suse.com/security/cve/CVE-2021-47580
- https://www.suse.com/security/cve/CVE-2021-47598
- https://www.suse.com/security/cve/CVE-2022-48792
- https://www.suse.com/security/cve/CVE-2022-48821
- https://www.suse.com/security/cve/CVE-2022-48822
- https://www.suse.com/security/cve/CVE-2023-52885
- https://www.suse.com/security/cve/CVE-2024-26583
- https://www.suse.com/security/cve/CVE-2024-26584
- https://www.suse.com/security/cve/CVE-2024-26800
- https://www.suse.com/security/cve/CVE-2024-36974
- https://www.suse.com/security/cve/CVE-2024-39494
- https://www.suse.com/security/cve/CVE-2024-40937
- https://www.suse.com/security/cve/CVE-2024-40956
- https://www.suse.com/security/cve/CVE-2024-41011
- https://www.suse.com/security/cve/CVE-2024-41059
- https://www.suse.com/security/cve/CVE-2024-41069
- https://www.suse.com/security/cve/CVE-2024-41090
- https://www.suse.com/security/cve/CVE-2024-42145