[SUSE-SU-2024:0977-1] Security update for the Linux Kernel

Severity Important
Affected Packages 4
CVEs 49

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
  • CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
  • CVE-2021-46924: Fixed memory leak in device probe and remove (bsc#1220459).
  • CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
  • CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
  • CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek (bsc#1220917).
  • CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
  • CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
  • CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
  • CVE-2023-52340: Fixed a DoS in which ICMPv6 “Packet Too Big” packets force 100% CPU usage in the Linux kernel (bsc#1219295).
  • CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
  • CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
  • CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
  • CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
  • CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
  • CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
  • CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
  • CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
  • CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
  • CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
  • CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
  • CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
  • CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
  • CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
  • CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
  • CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
  • CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
  • CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
  • CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
  • CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
  • CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
  • CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
  • CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
  • CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
  • CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
  • CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
  • CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
  • CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
  • CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
  • CVE-2024-26586: Fixed stack corruption (bsc#1220243).
  • CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
  • CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
  • CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
  • CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
  • CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
  • CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
  • CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
  • CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
  • CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

The following non-security bugs were fixed:

  • bpf: fix verification of indirect var-off stack access (git-fixes).
  • bpf: guard stack limits against 32bit overflow (git-fixes).
  • drop 2 git-fixes patches which are suspected of introducing the regression reported in bsc#1219073
  • fix unresolved hunks in readme.branch
  • kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
  • kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
  • nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633).
  • nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
  • nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
  • nvme: start keep-alive after admin queue setup (bsc#1211515).
  • readme.branch: use correct mail for roy
  • rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653). They are put into the -devel subpackage, and a proper link to /usr/share/gdb/auto-load/ is created.
  • x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
  • x86/bugs: add asm helpers for executing verw (git-fixes).
  • x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kabi severities, as it is exposed just for the kvm module and is generally a core kernel component, so removing it is low risk.
  • x86/entry_32: add verw just before userspace transition (git-fixes).
  • x86/entry_64: Add VERW just before userspace transition (git-fixes).

ID: SUSE-SU-2024:0977-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2024/suse-su-20240977-1/
Published: 2024-03-22T14:33:44
Modified: 2024-03-22T14:33:44
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0977-1.json
Suse URL for SUSE-SU-2024:0977-1 https://www.suse.com/support/update/announcement/2024/suse-su-20240977-1/
Suse E-Mail link for SUSE-SU-2024:0977-1 https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html
Bugzilla SUSE Bug 1211515 https://bugzilla.suse.com/1211515
Bugzilla SUSE Bug 1213456 https://bugzilla.suse.com/1213456
Bugzilla SUSE Bug 1214064 https://bugzilla.suse.com/1214064
Bugzilla SUSE Bug 1218195 https://bugzilla.suse.com/1218195
Bugzilla SUSE Bug 1218216 https://bugzilla.suse.com/1218216
Bugzilla SUSE Bug 1218562 https://bugzilla.suse.com/1218562
Bugzilla SUSE Bug 1218915 https://bugzilla.suse.com/1218915
Bugzilla SUSE Bug 1219073 https://bugzilla.suse.com/1219073
Bugzilla SUSE Bug 1219126 https://bugzilla.suse.com/1219126
Bugzilla SUSE Bug 1219127 https://bugzilla.suse.com/1219127
Bugzilla SUSE Bug 1219146 https://bugzilla.suse.com/1219146
Bugzilla SUSE Bug 1219295 https://bugzilla.suse.com/1219295
Bugzilla SUSE Bug 1219633 https://bugzilla.suse.com/1219633
Bugzilla SUSE Bug 1219653 https://bugzilla.suse.com/1219653
Bugzilla SUSE Bug 1219827 https://bugzilla.suse.com/1219827
Bugzilla SUSE Bug 1219835 https://bugzilla.suse.com/1219835
Bugzilla SUSE Bug 1220009 https://bugzilla.suse.com/1220009
Bugzilla SUSE Bug 1220140 https://bugzilla.suse.com/1220140
Bugzilla SUSE Bug 1220187 https://bugzilla.suse.com/1220187
Bugzilla SUSE Bug 1220238 https://bugzilla.suse.com/1220238
Bugzilla SUSE Bug 1220240 https://bugzilla.suse.com/1220240
Bugzilla SUSE Bug 1220241 https://bugzilla.suse.com/1220241
Bugzilla SUSE Bug 1220243 https://bugzilla.suse.com/1220243
Bugzilla SUSE Bug 1220250 https://bugzilla.suse.com/1220250
Bugzilla SUSE Bug 1220251 https://bugzilla.suse.com/1220251
Bugzilla SUSE Bug 1220253 https://bugzilla.suse.com/1220253
Bugzilla SUSE Bug 1220254 https://bugzilla.suse.com/1220254
Bugzilla SUSE Bug 1220255 https://bugzilla.suse.com/1220255
Bugzilla SUSE Bug 1220257 https://bugzilla.suse.com/1220257
Bugzilla SUSE Bug 1220326 https://bugzilla.suse.com/1220326
Bugzilla SUSE Bug 1220328 https://bugzilla.suse.com/1220328
Bugzilla SUSE Bug 1220330 https://bugzilla.suse.com/1220330
Bugzilla SUSE Bug 1220335 https://bugzilla.suse.com/1220335
Bugzilla SUSE Bug 1220344 https://bugzilla.suse.com/1220344
Bugzilla SUSE Bug 1220350 https://bugzilla.suse.com/1220350
Bugzilla SUSE Bug 1220364 https://bugzilla.suse.com/1220364
Bugzilla SUSE Bug 1220398 https://bugzilla.suse.com/1220398
Bugzilla SUSE Bug 1220409 https://bugzilla.suse.com/1220409
Bugzilla SUSE Bug 1220433 https://bugzilla.suse.com/1220433
Bugzilla SUSE Bug 1220444 https://bugzilla.suse.com/1220444
Bugzilla SUSE Bug 1220457 https://bugzilla.suse.com/1220457
Bugzilla SUSE Bug 1220459 https://bugzilla.suse.com/1220459
Bugzilla SUSE Bug 1220469 https://bugzilla.suse.com/1220469
Bugzilla SUSE Bug 1220649 https://bugzilla.suse.com/1220649
Bugzilla SUSE Bug 1220735 https://bugzilla.suse.com/1220735
Bugzilla SUSE Bug 1220736 https://bugzilla.suse.com/1220736
Bugzilla SUSE Bug 1220796 https://bugzilla.suse.com/1220796
Bugzilla SUSE Bug 1220797 https://bugzilla.suse.com/1220797
Bugzilla SUSE Bug 1220825 https://bugzilla.suse.com/1220825
Bugzilla SUSE Bug 1220845 https://bugzilla.suse.com/1220845
Bugzilla SUSE Bug 1220917 https://bugzilla.suse.com/1220917
Bugzilla SUSE Bug 1220930 https://bugzilla.suse.com/1220930
Bugzilla SUSE Bug 1220931 https://bugzilla.suse.com/1220931
Bugzilla SUSE Bug 1220933 https://bugzilla.suse.com/1220933
CVE SUSE CVE CVE-2019-25162 page https://www.suse.com/security/cve/CVE-2019-25162/
CVE SUSE CVE CVE-2021-46923 page https://www.suse.com/security/cve/CVE-2021-46923/
CVE SUSE CVE CVE-2021-46924 page https://www.suse.com/security/cve/CVE-2021-46924/
CVE SUSE CVE CVE-2021-46932 page https://www.suse.com/security/cve/CVE-2021-46932/
CVE SUSE CVE CVE-2021-46934 page https://www.suse.com/security/cve/CVE-2021-46934/
CVE SUSE CVE CVE-2021-47083 page https://www.suse.com/security/cve/CVE-2021-47083/
CVE SUSE CVE CVE-2022-48627 page https://www.suse.com/security/cve/CVE-2022-48627/
CVE SUSE CVE CVE-2023-28746 page https://www.suse.com/security/cve/CVE-2023-28746/
CVE SUSE CVE CVE-2023-5197 page https://www.suse.com/security/cve/CVE-2023-5197/
CVE SUSE CVE CVE-2023-52340 page https://www.suse.com/security/cve/CVE-2023-52340/
CVE SUSE CVE CVE-2023-52429 page https://www.suse.com/security/cve/CVE-2023-52429/
CVE SUSE CVE CVE-2023-52439 page https://www.suse.com/security/cve/CVE-2023-52439/
CVE SUSE CVE CVE-2023-52443 page https://www.suse.com/security/cve/CVE-2023-52443/
CVE SUSE CVE CVE-2023-52445 page https://www.suse.com/security/cve/CVE-2023-52445/
CVE SUSE CVE CVE-2023-52447 page https://www.suse.com/security/cve/CVE-2023-52447/
CVE SUSE CVE CVE-2023-52448 page https://www.suse.com/security/cve/CVE-2023-52448/
CVE SUSE CVE CVE-2023-52449 page https://www.suse.com/security/cve/CVE-2023-52449/
CVE SUSE CVE CVE-2023-52451 page https://www.suse.com/security/cve/CVE-2023-52451/
CVE SUSE CVE CVE-2023-52452 page https://www.suse.com/security/cve/CVE-2023-52452/
CVE SUSE CVE CVE-2023-52456 page https://www.suse.com/security/cve/CVE-2023-52456/
CVE SUSE CVE CVE-2023-52457 page https://www.suse.com/security/cve/CVE-2023-52457/
CVE SUSE CVE CVE-2023-52463 page https://www.suse.com/security/cve/CVE-2023-52463/
CVE SUSE CVE CVE-2023-52464 page https://www.suse.com/security/cve/CVE-2023-52464/
CVE SUSE CVE CVE-2023-52467 page https://www.suse.com/security/cve/CVE-2023-52467/
CVE SUSE CVE CVE-2023-52475 page https://www.suse.com/security/cve/CVE-2023-52475/
CVE SUSE CVE CVE-2023-52478 page https://www.suse.com/security/cve/CVE-2023-52478/
CVE SUSE CVE CVE-2023-52482 page https://www.suse.com/security/cve/CVE-2023-52482/
CVE SUSE CVE CVE-2023-52484 page https://www.suse.com/security/cve/CVE-2023-52484/
CVE SUSE CVE CVE-2023-52530 page https://www.suse.com/security/cve/CVE-2023-52530/
CVE SUSE CVE CVE-2023-52531 page https://www.suse.com/security/cve/CVE-2023-52531/
CVE SUSE CVE CVE-2023-52559 page https://www.suse.com/security/cve/CVE-2023-52559/
CVE SUSE CVE CVE-2023-6270 page https://www.suse.com/security/cve/CVE-2023-6270/
CVE SUSE CVE CVE-2023-6817 page https://www.suse.com/security/cve/CVE-2023-6817/
CVE SUSE CVE CVE-2024-0607 page https://www.suse.com/security/cve/CVE-2024-0607/
CVE SUSE CVE CVE-2024-1151 page https://www.suse.com/security/cve/CVE-2024-1151/
CVE SUSE CVE CVE-2024-23849 page https://www.suse.com/security/cve/CVE-2024-23849/
CVE SUSE CVE CVE-2024-23850 page https://www.suse.com/security/cve/CVE-2024-23850/
CVE SUSE CVE CVE-2024-23851 page https://www.suse.com/security/cve/CVE-2024-23851/
CVE SUSE CVE CVE-2024-26585 page https://www.suse.com/security/cve/CVE-2024-26585/
CVE SUSE CVE CVE-2024-26586 page https://www.suse.com/security/cve/CVE-2024-26586/
CVE SUSE CVE CVE-2024-26589 page https://www.suse.com/security/cve/CVE-2024-26589/
CVE SUSE CVE CVE-2024-26591 page https://www.suse.com/security/cve/CVE-2024-26591/
CVE SUSE CVE CVE-2024-26593 page https://www.suse.com/security/cve/CVE-2024-26593/
CVE SUSE CVE CVE-2024-26595 page https://www.suse.com/security/cve/CVE-2024-26595/
CVE SUSE CVE CVE-2024-26598 page https://www.suse.com/security/cve/CVE-2024-26598/
CVE SUSE CVE CVE-2024-26602 page https://www.suse.com/security/cve/CVE-2024-26602/
CVE SUSE CVE CVE-2024-26603 page https://www.suse.com/security/cve/CVE-2024-26603/
CVE SUSE CVE CVE-2024-26607 page https://www.suse.com/security/cve/CVE-2024-26607/
CVE SUSE CVE CVE-2024-26622 page https://www.suse.com/security/cve/CVE-2024-26622/

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:rpm/suse/kernel-source-rt?arch=noarch&distro=slem-5 | suse | kernel-source-rt | < 5.14.21-150400.15.71.1 | slem-5 | noarch |
Affected | pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5 | suse | kernel-rt | < 5.14.21-150400.15.71.1 | slem-5 | x86_64 |
Affected | pkg:rpm/suse/kernel-rt?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse | kernel-rt | < 5.14.21-150400.15.71.1 | opensuse-leap-micro-5.4 | x86_64 |
Affected | pkg:rpm/suse/kernel-rt?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse | kernel-rt | < 5.14.21-150400.15.71.1 | opensuse-leap-micro-5.3 | x86_64 |