

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3499-1  
Rating: important  
References:

  * bsc#1196018
  * bsc#1196823
  * bsc#1202346
  * bsc#1209636
  * bsc#1209799
  * bsc#1210629
  * bsc#1216834
  * bsc#1220185
  * bsc#1220186
  * bsc#1222251
  * bsc#1222728
  * bsc#1223948
  * bsc#1225109
  * bsc#1225584
  * bsc#1227942
  * bsc#1227969
  * bsc#1227985
  * bsc#1228002
  * bsc#1228015
  * bsc#1228114
  * bsc#1228516
  * bsc#1228576
  * bsc#1228959
  * bsc#1229400
  * bsc#1229454
  * bsc#1229500
  * bsc#1229503
  * bsc#1229510
  * bsc#1229512
  * bsc#1229607
  * bsc#1229630
  * bsc#1229641
  * bsc#1229657
  * bsc#1229707

  
Cross-References:

  * CVE-2022-0854
  * CVE-2022-20368
  * CVE-2022-28748
  * CVE-2022-2964
  * CVE-2022-48686
  * CVE-2022-48791
  * CVE-2022-48802
  * CVE-2022-48805
  * CVE-2022-48839
  * CVE-2022-48853
  * CVE-2022-48872
  * CVE-2022-48873
  * CVE-2022-48901
  * CVE-2022-48912
  * CVE-2022-48919
  * CVE-2022-48925
  * CVE-2023-1582
  * CVE-2023-2176
  * CVE-2023-52854
  * CVE-2024-26583
  * CVE-2024-26584
  * CVE-2024-26800
  * CVE-2024-41011
  * CVE-2024-41062
  * CVE-2024-42077
  * CVE-2024-42232
  * CVE-2024-42271
  * CVE-2024-43861
  * CVE-2024-43882
  * CVE-2024-43883
  * CVE-2024-44947

  
CVSS scores:

  * CVE-2022-0854 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-0854 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-20368 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-20368 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-28748 ( SUSE ):  3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2022-2964 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-2964 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48686 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48686 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48791 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48791 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48802 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48805 ( SUSE ):  6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48839 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48839 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48853 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48853 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-48872 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48872 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48873 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48873 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48901 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48901 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48912 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48912 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48919 ( SUSE ):  7.1
    CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2022-48919 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48919 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-48925 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-48925 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1582 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1582 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2176 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2176 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52854 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26583 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26583 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26584 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26584 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26800 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-41011 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-41011 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-41062 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-41062 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-42077 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-42077 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-42232 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-42232 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-42232 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-42271 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-42271 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-42271 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-43861 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-43861 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-43882 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-43882 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-43883 ( SUSE ):  5.4
    CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-43883 ( SUSE ):  6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-44947 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  * CVE-2024-44947 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-44947 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

  
Affected Products:

  * SUSE Linux Enterprise High Availability Extension 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Live Patching 15-SP2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Manager Proxy 4.1
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Server 4.1

  
  
An update that solves 31 vulnerabilities and has three security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

  * CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
  * CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate
    (bsc#1229454).
  * CVE-2022-48919: Fix double free race when mount fails in cifs_get_root()
    (bsc#1229657).
  * CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
  * CVE-2024-43883: Do not drop references before new references are gained
    (bsc#1229707).
  * CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
  * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
  * CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage.
    (bsc#1229503)
  * CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
  * CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
  * CVE-2022-48873: Do not remove map on creater_process and device_release
    (bsc#1229512).
  * CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
  * CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
    (bsc#1228959)
  * CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).

The following non-security bugs were fixed:

  * Bluetooth: L2CAP: Fix deadlock (git-fixes).
  * powerpc: Remove support for PowerPC 601 (Remove unused and malformed
    assembly causing build error).
  * sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799
    bsc#1225109).
  * scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP2  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-3499=1

  * SUSE Linux Enterprise High Availability Extension 15 SP2  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-3499=1

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3499=1

  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3499=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP2  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3499=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
    * kernel-default-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
    * kernel-default-livepatch-devel-5.3.18-150200.24.203.1
    * kernel-default-debuginfo-5.3.18-150200.24.203.1
    * kernel-livepatch-SLE15-SP2_Update_52-debugsource-1-150200.5.3.1
    * kernel-livepatch-5_3_18-150200_24_203-default-1-150200.5.3.1
    * kernel-livepatch-5_3_18-150200_24_203-default-debuginfo-1-150200.5.3.1
    * kernel-default-debugsource-5.3.18-150200.24.203.1
    * kernel-default-livepatch-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le
    s390x x86_64)
    * dlm-kmp-default-debuginfo-5.3.18-150200.24.203.1
    * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-debuginfo-5.3.18-150200.24.203.1
    * dlm-kmp-default-5.3.18-150200.24.203.1
    * kernel-default-debugsource-5.3.18-150200.24.203.1
    * gfs2-kmp-default-5.3.18-150200.24.203.1
    * cluster-md-kmp-default-5.3.18-150200.24.203.1
    * ocfs2-kmp-default-5.3.18-150200.24.203.1
    * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.203.1
    * gfs2-kmp-default-debuginfo-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
    * kernel-default-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
    nosrc x86_64)
    * kernel-preempt-5.3.18-150200.24.203.1
    * kernel-default-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
    x86_64)
    * kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-debugsource-5.3.18-150200.24.203.1
    * kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    * kernel-preempt-devel-5.3.18-150200.24.203.1
    * kernel-syms-5.3.18-150200.24.203.1
    * kernel-obs-build-5.3.18-150200.24.203.1
    * kernel-default-devel-5.3.18-150200.24.203.1
    * kernel-default-debugsource-5.3.18-150200.24.203.1
    * kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * kernel-source-5.3.18-150200.24.203.1
    * kernel-devel-5.3.18-150200.24.203.1
    * kernel-macros-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch
    nosrc)
    * kernel-docs-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
    x86_64)
    * kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
    * reiserfs-kmp-default-5.3.18-150200.24.203.1
    * kernel-syms-5.3.18-150200.24.203.1
    * kernel-obs-build-5.3.18-150200.24.203.1
    * kernel-default-devel-5.3.18-150200.24.203.1
    * kernel-default-debugsource-5.3.18-150200.24.203.1
    * kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * kernel-source-5.3.18-150200.24.203.1
    * kernel-devel-5.3.18-150200.24.203.1
    * kernel-macros-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
    * kernel-docs-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
    * kernel-preempt-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-debugsource-5.3.18-150200.24.203.1
    * kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-devel-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le
    x86_64)
    * kernel-default-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * kernel-default-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-debuginfo-5.3.18-150200.24.203.1
    * kernel-default-base-5.3.18-150200.24.203.1.150200.9.105.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.203.1
    * reiserfs-kmp-default-5.3.18-150200.24.203.1
    * kernel-syms-5.3.18-150200.24.203.1
    * kernel-obs-build-5.3.18-150200.24.203.1
    * kernel-default-devel-5.3.18-150200.24.203.1
    * kernel-default-debugsource-5.3.18-150200.24.203.1
    * kernel-obs-build-debugsource-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * kernel-source-5.3.18-150200.24.203.1
    * kernel-devel-5.3.18-150200.24.203.1
    * kernel-macros-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
    * kernel-docs-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
    * kernel-preempt-5.3.18-150200.24.203.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    * kernel-preempt-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-debugsource-5.3.18-150200.24.203.1
    * kernel-preempt-devel-debuginfo-5.3.18-150200.24.203.1
    * kernel-preempt-devel-5.3.18-150200.24.203.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-0854.html
  * https://www.suse.com/security/cve/CVE-2022-20368.html
  * https://www.suse.com/security/cve/CVE-2022-28748.html
  * https://www.suse.com/security/cve/CVE-2022-2964.html
  * https://www.suse.com/security/cve/CVE-2022-48686.html
  * https://www.suse.com/security/cve/CVE-2022-48791.html
  * https://www.suse.com/security/cve/CVE-2022-48802.html
  * https://www.suse.com/security/cve/CVE-2022-48805.html
  * https://www.suse.com/security/cve/CVE-2022-48839.html
  * https://www.suse.com/security/cve/CVE-2022-48853.html
  * https://www.suse.com/security/cve/CVE-2022-48872.html
  * https://www.suse.com/security/cve/CVE-2022-48873.html
  * https://www.suse.com/security/cve/CVE-2022-48901.html
  * https://www.suse.com/security/cve/CVE-2022-48912.html
  * https://www.suse.com/security/cve/CVE-2022-48919.html
  * https://www.suse.com/security/cve/CVE-2022-48925.html
  * https://www.suse.com/security/cve/CVE-2023-1582.html
  * https://www.suse.com/security/cve/CVE-2023-2176.html
  * https://www.suse.com/security/cve/CVE-2023-52854.html
  * https://www.suse.com/security/cve/CVE-2024-26583.html
  * https://www.suse.com/security/cve/CVE-2024-26584.html
  * https://www.suse.com/security/cve/CVE-2024-26800.html
  * https://www.suse.com/security/cve/CVE-2024-41011.html
  * https://www.suse.com/security/cve/CVE-2024-41062.html
  * https://www.suse.com/security/cve/CVE-2024-42077.html
  * https://www.suse.com/security/cve/CVE-2024-42232.html
  * https://www.suse.com/security/cve/CVE-2024-42271.html
  * https://www.suse.com/security/cve/CVE-2024-43861.html
  * https://www.suse.com/security/cve/CVE-2024-43882.html
  * https://www.suse.com/security/cve/CVE-2024-43883.html
  * https://www.suse.com/security/cve/CVE-2024-44947.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1196018
  * https://bugzilla.suse.com/show_bug.cgi?id=1196823
  * https://bugzilla.suse.com/show_bug.cgi?id=1202346
  * https://bugzilla.suse.com/show_bug.cgi?id=1209636
  * https://bugzilla.suse.com/show_bug.cgi?id=1209799
  * https://bugzilla.suse.com/show_bug.cgi?id=1210629
  * https://bugzilla.suse.com/show_bug.cgi?id=1216834
  * https://bugzilla.suse.com/show_bug.cgi?id=1220185
  * https://bugzilla.suse.com/show_bug.cgi?id=1220186
  * https://bugzilla.suse.com/show_bug.cgi?id=1222251
  * https://bugzilla.suse.com/show_bug.cgi?id=1222728
  * https://bugzilla.suse.com/show_bug.cgi?id=1223948
  * https://bugzilla.suse.com/show_bug.cgi?id=1225109
  * https://bugzilla.suse.com/show_bug.cgi?id=1225584
  * https://bugzilla.suse.com/show_bug.cgi?id=1227942
  * https://bugzilla.suse.com/show_bug.cgi?id=1227969
  * https://bugzilla.suse.com/show_bug.cgi?id=1227985
  * https://bugzilla.suse.com/show_bug.cgi?id=1228002
  * https://bugzilla.suse.com/show_bug.cgi?id=1228015
  * https://bugzilla.suse.com/show_bug.cgi?id=1228114
  * https://bugzilla.suse.com/show_bug.cgi?id=1228516
  * https://bugzilla.suse.com/show_bug.cgi?id=1228576
  * https://bugzilla.suse.com/show_bug.cgi?id=1228959
  * https://bugzilla.suse.com/show_bug.cgi?id=1229400
  * https://bugzilla.suse.com/show_bug.cgi?id=1229454
  * https://bugzilla.suse.com/show_bug.cgi?id=1229500
  * https://bugzilla.suse.com/show_bug.cgi?id=1229503
  * https://bugzilla.suse.com/show_bug.cgi?id=1229510
  * https://bugzilla.suse.com/show_bug.cgi?id=1229512
  * https://bugzilla.suse.com/show_bug.cgi?id=1229607
  * https://bugzilla.suse.com/show_bug.cgi?id=1229630
  * https://bugzilla.suse.com/show_bug.cgi?id=1229641
  * https://bugzilla.suse.com/show_bug.cgi?id=1229657
  * https://bugzilla.suse.com/show_bug.cgi?id=1229707

SUSE: 2024:3499-1 important: the Linux Kernel Security Advisory Updates

September 30, 2024

* bsc#1196018 * bsc#1196823 * bsc#1202346 * bsc#1209636 * bsc#1209799

Summary

## The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) * CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). * CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657). * CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584). * CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). * CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). * CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) * CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) * CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510). * CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512). * CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) * CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) * CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948). The following non-security bugs were fixed: * Bluetooth: L2CAP: Fix deadlock (git-fixes). * powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). * sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109). * scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)

References

* bsc#1196018

* bsc#1196823

* bsc#1202346

* bsc#1209636

* bsc#1209799

* bsc#1210629

* bsc#1216834

* bsc#1220185

* bsc#1220186

* bsc#1222251

* bsc#1222728

* bsc#1223948

* bsc#1225109

* bsc#1225584

* bsc#1227942

* bsc#1227969

* bsc#1227985

* bsc#1228002

* bsc#1228015

* bsc#1228114

* bsc#1228516

* bsc#1228576

* bsc#1228959

* bsc#1229400

* bsc#1229454

* bsc#1229500

* bsc#1229503

* bsc#1229510

* bsc#1229512

* bsc#1229607

* bsc#1229630

* bsc#1229641

* bsc#1229657

* bsc#1229707

Cross-

* CVE-2022-0854

* CVE-2022-20368

* CVE-2022-28748

* CVE-2022-2964

* CVE-2022-48686

* CVE-2022-48791

* CVE-2022-48802

* CVE-2022-48805

* CVE-2022-48839

* CVE-2022-48853

* CVE-2022-48872

* CVE-2022-48873

* CVE-2022-48901

* CVE-2022-48912

* CVE-2022-48919

* CVE-2022-48925

* CVE-2023-1582

* CVE-2023-2176

* CVE-2023-52854

* CVE-2024-26583

* CVE-2024-26584

* CVE-2024-26800

* CVE-2024-41011

* CVE-2024-41062

* CVE-2024-42077

* CVE-2024-42232

* CVE-2024-42271

* CVE-2024-43861

* CVE-2024-43882

* CVE-2024-43883

* CVE-2024-44947

CVSS scores:

* CVE-2022-0854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2022-0854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2022-20368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-20368 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-28748 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2022-2964 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-2964 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48686 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48686 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48805 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2022-48872 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48872 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48873 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48873 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48912 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48912 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48919 ( SUSE ): 7.1

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2022-48919 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2022-48925 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-48925 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-41011 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-41062 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-41062 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-42077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-42077 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-42232 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-42271 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-42271 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-42271 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-43883 ( SUSE ): 5.4

CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-43883 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-44947 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2024-44947 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-44947 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Availability Extension 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise Live Patching 15-SP2

* SUSE Linux Enterprise Server 15 SP2

* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise Server for SAP Applications 15 SP2

* SUSE Manager Proxy 4.1

* SUSE Manager Retail Branch Server 4.1

* SUSE Manager Server 4.1

An update that solves 31 vulnerabilities and has three security fixes can now be

installed.

* https://www.suse.com/security/cve/CVE-2022-0854.html

* https://www.suse.com/security/cve/CVE-2022-20368.html

* https://www.suse.com/security/cve/CVE-2022-28748.html

* https://www.suse.com/security/cve/CVE-2022-2964.html

* https://www.suse.com/security/cve/CVE-2022-48686.html

* https://www.suse.com/security/cve/CVE-2022-48791.html

* https://www.suse.com/security/cve/CVE-2022-48802.html

* https://www.suse.com/security/cve/CVE-2022-48805.html

* https://www.suse.com/security/cve/CVE-2022-48839.html

* https://www.suse.com/security/cve/CVE-2022-48853.html

* https://www.suse.com/security/cve/CVE-2022-48872.html

* https://www.suse.com/security/cve/CVE-2022-48873.html

* https://www.suse.com/security/cve/CVE-2022-48901.html

* https://www.suse.com/security/cve/CVE-2022-48912.html

* https://www.suse.com/security/cve/CVE-2022-48919.html

* https://www.suse.com/security/cve/CVE-2022-48925.html

* https://www.suse.com/security/cve/CVE-2023-1582.html

* https://www.suse.com/security/cve/CVE-2023-2176.html

* https://www.suse.com/security/cve/CVE-2023-52854.html

* https://www.suse.com/security/cve/CVE-2024-26583.html

* https://www.suse.com/security/cve/CVE-2024-26584.html

* https://www.suse.com/security/cve/CVE-2024-26800.html

* https://www.suse.com/security/cve/CVE-2024-41011.html

* https://www.suse.com/security/cve/CVE-2024-41062.html

* https://www.suse.com/security/cve/CVE-2024-42077.html

* https://www.suse.com/security/cve/CVE-2024-42232.html

* https://www.suse.com/security/cve/CVE-2024-42271.html

* https://www.suse.com/security/cve/CVE-2024-43861.html

* https://www.suse.com/security/cve/CVE-2024-43882.html

* https://www.suse.com/security/cve/CVE-2024-43883.html

* https://www.suse.com/security/cve/CVE-2024-44947.html

* https://bugzilla.suse.com/show_bug.cgi?id=1196018

* https://bugzilla.suse.com/show_bug.cgi?id=1196823

* https://bugzilla.suse.com/show_bug.cgi?id=1202346

* https://bugzilla.suse.com/show_bug.cgi?id=1209636

* https://bugzilla.suse.com/show_bug.cgi?id=1209799

* https://bugzilla.suse.com/show_bug.cgi?id=1210629

* https://bugzilla.suse.com/show_bug.cgi?id=1216834

* https://bugzilla.suse.com/show_bug.cgi?id=1220185

* https://bugzilla.suse.com/show_bug.cgi?id=1220186

* https://bugzilla.suse.com/show_bug.cgi?id=1222251

* https://bugzilla.suse.com/show_bug.cgi?id=1222728

* https://bugzilla.suse.com/show_bug.cgi?id=1223948

* https://bugzilla.suse.com/show_bug.cgi?id=1225109

* https://bugzilla.suse.com/show_bug.cgi?id=1225584

* https://bugzilla.suse.com/show_bug.cgi?id=1227942

* https://bugzilla.suse.com/show_bug.cgi?id=1227969

* https://bugzilla.suse.com/show_bug.cgi?id=1227985

* https://bugzilla.suse.com/show_bug.cgi?id=1228002

* https://bugzilla.suse.com/show_bug.cgi?id=1228015

* https://bugzilla.suse.com/show_bug.cgi?id=1228114

* https://bugzilla.suse.com/show_bug.cgi?id=1228516

* https://bugzilla.suse.com/show_bug.cgi?id=1228576

* https://bugzilla.suse.com/show_bug.cgi?id=1228959

* https://bugzilla.suse.com/show_bug.cgi?id=1229400

* https://bugzilla.suse.com/show_bug.cgi?id=1229454

* https://bugzilla.suse.com/show_bug.cgi?id=1229500

* https://bugzilla.suse.com/show_bug.cgi?id=1229503

* https://bugzilla.suse.com/show_bug.cgi?id=1229510

* https://bugzilla.suse.com/show_bug.cgi?id=1229512

* https://bugzilla.suse.com/show_bug.cgi?id=1229607

* https://bugzilla.suse.com/show_bug.cgi?id=1229630

* https://bugzilla.suse.com/show_bug.cgi?id=1229641

* https://bugzilla.suse.com/show_bug.cgi?id=1229657

* https://bugzilla.suse.com/show_bug.cgi?id=1229707

Severity

Announcement ID: SUSE-SU-2024:3499-1

Rating: important

SUSE: 2024:3499-1 important: the Linux Kernel Security Advisory Updates

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By