SUSE: 2024:2495-1 important: the Linux Kernel Security Advisory Updates
Summary
## The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). * CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). * CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). * CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). * CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). * CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). * CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). * CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) * CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). * CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). * CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). * CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). * CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). * CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). * CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). * CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). * CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). * CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). * CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: * Revert "build initrd without systemd" (bsc#1195775)" * cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). * cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). * cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). * cgroup: Remove unnecessary list_empty() (bsc#1222254). * cgroup: preserve KABI of cgroup_root (bsc#1222254). * ocfs2: adjust enabling place for la window (bsc#1219224). * ocfs2: fix sparse warnings (bsc#1219224). * ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). * ocfs2: speed up chain-list searching (bsc#1219224). * random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). * rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). * rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). * scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). * smb: client: ensure to try all targets when finding nested links (bsc#1224020). * x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). * xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
References
* bsc#1195775
* bsc#1216124
* bsc#1218148
* bsc#1219224
* bsc#1220492
* bsc#1222015
* bsc#1222254
* bsc#1222678
* bsc#1223384
* bsc#1224020
* bsc#1224679
* bsc#1224696
* bsc#1224703
* bsc#1224749
* bsc#1224764
* bsc#1224765
* bsc#1224766
* bsc#1224935
* bsc#1225098
* bsc#1225467
* bsc#1225487
* bsc#1225518
* bsc#1225611
* bsc#1225732
* bsc#1225737
* bsc#1225749
* bsc#1225840
* bsc#1225866
* bsc#1226145
* bsc#1226211
* bsc#1226212
* bsc#1226270
* bsc#1226587
* bsc#1226595
* bsc#1226634
* bsc#1226758
* bsc#1226785
* bsc#1226786
* bsc#1226789
* bsc#1226953
* bsc#1226962
Cross-
* CVE-2021-47555
* CVE-2021-47571
* CVE-2023-24023
* CVE-2023-52670
* CVE-2023-52752
* CVE-2023-52837
* CVE-2023-52846
* CVE-2023-52881
* CVE-2024-26745
* CVE-2024-26923
* CVE-2024-35789
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35869
* CVE-2024-35950
* CVE-2024-36894
* CVE-2024-36899
* CVE-2024-36904
* CVE-2024-36940
* CVE-2024-36964
* CVE-2024-36971
* CVE-2024-38541
* CVE-2024-38545
* CVE-2024-38559
* CVE-2024-38560
* CVE-2024-38564
* CVE-2024-38578
CVSS scores:
* CVE-2021-47555 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2021-47571 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47571 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-24023 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-24023 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-52670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52837 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
* CVE-2024-26745 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35789 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35869 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36894 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36940 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38541 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38545 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38560 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38564 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-38578 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 28 vulnerabilities and has 13 security fixes can now be
installed.
##
* https://www.suse.com/security/cve/CVE-2021-47555.html
* https://www.suse.com/security/cve/CVE-2021-47571.html
* https://www.suse.com/security/cve/CVE-2023-24023.html
* https://www.suse.com/security/cve/CVE-2023-52670.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52837.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-52881.html
* https://www.suse.com/security/cve/CVE-2024-26745.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35789.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35869.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36894.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36904.html
* https://www.suse.com/security/cve/CVE-2024-36940.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-36971.html
* https://www.suse.com/security/cve/CVE-2024-38541.html
* https://www.suse.com/security/cve/CVE-2024-38545.html
* https://www.suse.com/security/cve/CVE-2024-38559.html
* https://www.suse.com/security/cve/CVE-2024-38560.html
* https://www.suse.com/security/cve/CVE-2024-38564.html
* https://www.suse.com/security/cve/CVE-2024-38578.html
* https://bugzilla.suse.com/show_bug.cgi?id=1195775
* https://bugzilla.suse.com/show_bug.cgi?id=1216124
* https://bugzilla.suse.com/show_bug.cgi?id=1218148
* https://bugzilla.suse.com/show_bug.cgi?id=1219224
* https://bugzilla.suse.com/show_bug.cgi?id=1220492
* https://bugzilla.suse.com/show_bug.cgi?id=1222015
* https://bugzilla.suse.com/show_bug.cgi?id=1222254
* https://bugzilla.suse.com/show_bug.cgi?id=1222678
* https://bugzilla.suse.com/show_bug.cgi?id=1223384
* https://bugzilla.suse.com/show_bug.cgi?id=1224020
* https://bugzilla.suse.com/show_bug.cgi?id=1224679
* https://bugzilla.suse.com/show_bug.cgi?id=1224696
* https://bugzilla.suse.com/show_bug.cgi?id=1224703
* https://bugzilla.suse.com/show_bug.cgi?id=1224749
* https://bugzilla.suse.com/show_bug.cgi?id=1224764
* https://bugzilla.suse.com/show_bug.cgi?id=1224765
* https://bugzilla.suse.com/show_bug.cgi?id=1224766
* https://bugzilla.suse.com/show_bug.cgi?id=1224935
* https://bugzilla.suse.com/show_bug.cgi?id=1225098
* https://bugzilla.suse.com/show_bug.cgi?id=1225467
* https://bugzilla.suse.com/show_bug.cgi?id=1225487
* https://bugzilla.suse.com/show_bug.cgi?id=1225518
* https://bugzilla.suse.com/show_bug.cgi?id=1225611
* https://bugzilla.suse.com/show_bug.cgi?id=1225732
* https://bugzilla.suse.com/show_bug.cgi?id=1225737
* https://bugzilla.suse.com/show_bug.cgi?id=1225749
* https://bugzilla.suse.com/show_bug.cgi?id=1225840
* https://bugzilla.suse.com/show_bug.cgi?id=1225866
* https://bugzilla.suse.com/show_bug.cgi?id=1226145
* https://bugzilla.suse.com/show_bug.cgi?id=1226211
* https://bugzilla.suse.com/show_bug.cgi?id=1226212
* https://bugzilla.suse.com/show_bug.cgi?id=1226270
* https://bugzilla.suse.com/show_bug.cgi?id=1226587
* https://bugzilla.suse.com/show_bug.cgi?id=1226595
* https://bugzilla.suse.com/show_bug.cgi?id=1226634
* https://bugzilla.suse.com/show_bug.cgi?id=1226758
* https://bugzilla.suse.com/show_bug.cgi?id=1226785
* https://bugzilla.suse.com/show_bug.cgi?id=1226786
* https://bugzilla.suse.com/show_bug.cgi?id=1226789
* https://bugzilla.suse.com/show_bug.cgi?id=1226953
* https://bugzilla.suse.com/show_bug.cgi?id=1226962