[SUSE-SU-2024:2385-1] Security update for the Linux Kernel

Severity Important
CVEs 27

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
  • CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
  • CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
  • CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
  • CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
  • CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
  • CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
  • CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
  • CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
  • CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
  • CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
  • CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
  • CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
  • CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
  • CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
  • CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
  • CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
  • CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
  • CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
  • CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
  • CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
  • CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
  • CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
  • CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
  • CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).

The following non-security bugs were fixed:

  • Revert 'build initrd without systemd' (bsc#1195775)
  • cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
  • cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
  • cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
  • cgroup: Remove unnecessary list_empty() (bsc#1222254).
  • cgroup: preserve KABI of cgroup_root (bsc#1222254).
  • mkspec-dtb: add toplevel symlinks also on arm
  • ocfs2: adjust enabling place for la window (bsc#1219224).
  • ocfs2: fix sparse warnings (bsc#1219224).
  • ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
  • ocfs2: speed up chain-list searching (bsc#1219224).
  • random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
  • rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). Some builds do not just create an iso9660 image, but also mount it during build.
  • rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). docker needs more networking modules, even legacy iptable_nat and _filter.
  • rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules. algif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
  • rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 by commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'), so switch to them.
  • scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
  • smb: client: ensure to try all targets when finding nested links (bsc#1224020).
  • smb: client: guarantee refcounted children from parent session (bsc#1224679).
  • x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
  • xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).

ID: SUSE-SU-2024:2385-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242385-1/
Published: 2024-07-10T13:03:41
Modified: 2024-07-10T13:03:41
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2385-1.json
Suse URL for SUSE-SU-2024:2385-1 https://www.suse.com/support/update/announcement/2024/suse-su-20242385-1/
Suse E-Mail link for SUSE-SU-2024:2385-1 https://lists.suse.com/pipermail/sle-updates/2024-July/035905.html
Bugzilla SUSE Bug 1195775 https://bugzilla.suse.com/1195775
Bugzilla SUSE Bug 1216124 https://bugzilla.suse.com/1216124
Bugzilla SUSE Bug 1218148 https://bugzilla.suse.com/1218148
Bugzilla SUSE Bug 1219224 https://bugzilla.suse.com/1219224
Bugzilla SUSE Bug 1220492 https://bugzilla.suse.com/1220492
Bugzilla SUSE Bug 1222015 https://bugzilla.suse.com/1222015
Bugzilla SUSE Bug 1222254 https://bugzilla.suse.com/1222254
Bugzilla SUSE Bug 1222678 https://bugzilla.suse.com/1222678
Bugzilla SUSE Bug 1224020 https://bugzilla.suse.com/1224020
Bugzilla SUSE Bug 1224679 https://bugzilla.suse.com/1224679
Bugzilla SUSE Bug 1224696 https://bugzilla.suse.com/1224696
Bugzilla SUSE Bug 1224703 https://bugzilla.suse.com/1224703
Bugzilla SUSE Bug 1224749 https://bugzilla.suse.com/1224749
Bugzilla SUSE Bug 1224764 https://bugzilla.suse.com/1224764
Bugzilla SUSE Bug 1224765 https://bugzilla.suse.com/1224765
Bugzilla SUSE Bug 1224766 https://bugzilla.suse.com/1224766
Bugzilla SUSE Bug 1224935 https://bugzilla.suse.com/1224935
Bugzilla SUSE Bug 1225098 https://bugzilla.suse.com/1225098
Bugzilla SUSE Bug 1225467 https://bugzilla.suse.com/1225467
Bugzilla SUSE Bug 1225487 https://bugzilla.suse.com/1225487
Bugzilla SUSE Bug 1225518 https://bugzilla.suse.com/1225518
Bugzilla SUSE Bug 1225611 https://bugzilla.suse.com/1225611
Bugzilla SUSE Bug 1225732 https://bugzilla.suse.com/1225732
Bugzilla SUSE Bug 1225737 https://bugzilla.suse.com/1225737
Bugzilla SUSE Bug 1225749 https://bugzilla.suse.com/1225749
Bugzilla SUSE Bug 1225840 https://bugzilla.suse.com/1225840
Bugzilla SUSE Bug 1225866 https://bugzilla.suse.com/1225866
Bugzilla SUSE Bug 1226145 https://bugzilla.suse.com/1226145
Bugzilla SUSE Bug 1226211 https://bugzilla.suse.com/1226211
Bugzilla SUSE Bug 1226212 https://bugzilla.suse.com/1226212
Bugzilla SUSE Bug 1226270 https://bugzilla.suse.com/1226270
Bugzilla SUSE Bug 1226587 https://bugzilla.suse.com/1226587
Bugzilla SUSE Bug 1226595 https://bugzilla.suse.com/1226595
Bugzilla SUSE Bug 1226634 https://bugzilla.suse.com/1226634
Bugzilla SUSE Bug 1226785 https://bugzilla.suse.com/1226785
Bugzilla SUSE Bug 1226786 https://bugzilla.suse.com/1226786
Bugzilla SUSE Bug 1226789 https://bugzilla.suse.com/1226789
Bugzilla SUSE Bug 1226953 https://bugzilla.suse.com/1226953
Bugzilla SUSE Bug 1226962 https://bugzilla.suse.com/1226962
CVE SUSE CVE CVE-2021-47555 page https://www.suse.com/security/cve/CVE-2021-47555/
CVE SUSE CVE CVE-2021-47571 page https://www.suse.com/security/cve/CVE-2021-47571/
CVE SUSE CVE CVE-2023-24023 page https://www.suse.com/security/cve/CVE-2023-24023/
CVE SUSE CVE CVE-2023-52670 page https://www.suse.com/security/cve/CVE-2023-52670/
CVE SUSE CVE CVE-2023-52752 page https://www.suse.com/security/cve/CVE-2023-52752/
CVE SUSE CVE CVE-2023-52837 page https://www.suse.com/security/cve/CVE-2023-52837/
CVE SUSE CVE CVE-2023-52846 page https://www.suse.com/security/cve/CVE-2023-52846/
CVE SUSE CVE CVE-2023-52881 page https://www.suse.com/security/cve/CVE-2023-52881/
CVE SUSE CVE CVE-2024-26745 page https://www.suse.com/security/cve/CVE-2024-26745/
CVE SUSE CVE CVE-2024-35789 page https://www.suse.com/security/cve/CVE-2024-35789/
CVE SUSE CVE CVE-2024-35861 page https://www.suse.com/security/cve/CVE-2024-35861/
CVE SUSE CVE CVE-2024-35862 page https://www.suse.com/security/cve/CVE-2024-35862/
CVE SUSE CVE CVE-2024-35864 page https://www.suse.com/security/cve/CVE-2024-35864/
CVE SUSE CVE CVE-2024-35869 page https://www.suse.com/security/cve/CVE-2024-35869/
CVE SUSE CVE CVE-2024-35950 page https://www.suse.com/security/cve/CVE-2024-35950/
CVE SUSE CVE CVE-2024-36894 page https://www.suse.com/security/cve/CVE-2024-36894/
CVE SUSE CVE CVE-2024-36899 page https://www.suse.com/security/cve/CVE-2024-36899/
CVE SUSE CVE CVE-2024-36904 page https://www.suse.com/security/cve/CVE-2024-36904/
CVE SUSE CVE CVE-2024-36940 page https://www.suse.com/security/cve/CVE-2024-36940/
CVE SUSE CVE CVE-2024-36964 page https://www.suse.com/security/cve/CVE-2024-36964/
CVE SUSE CVE CVE-2024-36971 page https://www.suse.com/security/cve/CVE-2024-36971/
CVE SUSE CVE CVE-2024-38541 page https://www.suse.com/security/cve/CVE-2024-38541/
CVE SUSE CVE CVE-2024-38545 page https://www.suse.com/security/cve/CVE-2024-38545/
CVE SUSE CVE CVE-2024-38559 page https://www.suse.com/security/cve/CVE-2024-38559/
CVE SUSE CVE CVE-2024-38560 page https://www.suse.com/security/cve/CVE-2024-38560/
CVE SUSE CVE CVE-2024-38564 page https://www.suse.com/security/cve/CVE-2024-38564/
CVE SUSE CVE CVE-2024-38578 page https://www.suse.com/security/cve/CVE-2024-38578/