SUSE-SU-2024:4313-1

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070) - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - Update config files (bsc#1218644). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: Flush XDP packets on error (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: Set tx_info->xdpf value to NULL (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: Use bitmask to indicate packet redirection (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).

Affected Systems

• suse•kernel-64kb&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-64kb&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-default-base&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.1

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1.150300.18.109.1

• suse•kernel-default&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.1

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.2

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-docs&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-docs&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-livepatch-SLE15-SP3_Update_51&distro=SUSE Linux Enterprise Live Patching 15 SP3

  < 1-150300.7.3.1

• suse•kernel-obs-build&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-preempt&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-preempt&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-preempt&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-preempt&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-source&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-source&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-syms&distro=SUSE Enterprise Storage 7.1

  < 5.3.18-150300.59.185.1

• suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-syms&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

• suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

  < 5.3.18-150300.59.185.1

• suse•kernel-zfcpdump&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

  < 5.3.18-150300.59.185.1

References (59)

• https://www.suse.com/support/update/announcement/2024/suse-su-20244313-1/
• https://bugzilla.suse.com/1154353
• https://bugzilla.suse.com/1198778
• https://bugzilla.suse.com/1218644
• https://bugzilla.suse.com/1220927
• https://bugzilla.suse.com/1231939
• https://bugzilla.suse.com/1231940
• https://bugzilla.suse.com/1231958
• https://bugzilla.suse.com/1231962
• https://bugzilla.suse.com/1231991
• https://bugzilla.suse.com/1231992
• https://bugzilla.suse.com/1231995
• https://bugzilla.suse.com/1232006
• https://bugzilla.suse.com/1232163
• https://bugzilla.suse.com/1232172
• https://bugzilla.suse.com/1232224
• https://bugzilla.suse.com/1232436
• https://bugzilla.suse.com/1232860
• https://bugzilla.suse.com/1232907
• https://bugzilla.suse.com/1232919
• https://bugzilla.suse.com/1232928
• https://bugzilla.suse.com/1233070
• https://bugzilla.suse.com/1233117
• https://bugzilla.suse.com/1233293
• https://bugzilla.suse.com/1233453
• https://bugzilla.suse.com/1233456
• https://bugzilla.suse.com/1233468
• https://bugzilla.suse.com/1233479
• https://bugzilla.suse.com/1233490
• https://bugzilla.suse.com/1233491
• https://bugzilla.suse.com/1233555
• https://bugzilla.suse.com/1233557
• https://www.suse.com/security/cve/CVE-2022-48985
• https://www.suse.com/security/cve/CVE-2022-49006
• https://www.suse.com/security/cve/CVE-2022-49010
• https://www.suse.com/security/cve/CVE-2022-49011
• https://www.suse.com/security/cve/CVE-2022-49019
• https://www.suse.com/security/cve/CVE-2022-49021
• https://www.suse.com/security/cve/CVE-2022-49022
• https://www.suse.com/security/cve/CVE-2022-49029
• https://www.suse.com/security/cve/CVE-2022-49031
• https://www.suse.com/security/cve/CVE-2022-49032
• https://www.suse.com/security/cve/CVE-2023-52524
• https://www.suse.com/security/cve/CVE-2024-49925
• https://www.suse.com/security/cve/CVE-2024-50089
• https://www.suse.com/security/cve/CVE-2024-50115
• https://www.suse.com/security/cve/CVE-2024-50125
• https://www.suse.com/security/cve/CVE-2024-50127
• https://www.suse.com/security/cve/CVE-2024-50154
• https://www.suse.com/security/cve/CVE-2024-50205
• https://www.suse.com/security/cve/CVE-2024-50208
• https://www.suse.com/security/cve/CVE-2024-50264
• https://www.suse.com/security/cve/CVE-2024-50267
• https://www.suse.com/security/cve/CVE-2024-50279
• https://www.suse.com/security/cve/CVE-2024-50290
• https://www.suse.com/security/cve/CVE-2024-50301
• https://www.suse.com/security/cve/CVE-2024-50302
• https://www.suse.com/security/cve/CVE-2024-53061
• https://www.suse.com/security/cve/CVE-2024-53063