Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within
nf_tables_newtablefunction (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
The following non-security bugs were fixed:
- build: Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
- mkspec: Include constraints for both multibuild and plain package always
- rpm/kernel-docs.spec.in: fix build with 6.8 Since upstream commit f061c9f7d058
- rpm/kernel-source.rpmlintrc: add action-ebpf Upstream commit a79d8ba734bd
- rpm/mkspec: use kernel-source: prefix for constraints on multibuild Otherwise the constraints are not applied with multibuild enabled.
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Live Patching 15 SP2
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
Ссылки
- Link for SUSE-SU-2024:0478-1
- E-Mail link for SUSE-SU-2024:0478-1
- SUSE Security Ratings
- SUSE Bug 1108281
- SUSE Bug 1193285
- SUSE Bug 1215275
- SUSE Bug 1216702
- SUSE Bug 1217987
- SUSE Bug 1217988
- SUSE Bug 1217989
- SUSE Bug 1218713
- SUSE Bug 1218730
- SUSE Bug 1218752
- SUSE Bug 1218757
- SUSE Bug 1218768
- SUSE Bug 1218804
- SUSE Bug 1218832
- SUSE Bug 1218836
- SUSE Bug 1219053
- SUSE Bug 1219120
Описание
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
Затронутые продукты
Ссылки
- CVE-2021-33631
- SUSE Bug 1219412
Описание
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.
Затронутые продукты
Ссылки
- CVE-2023-46838
- SUSE Bug 1218836
Описание
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Затронутые продукты
Ссылки
- CVE-2023-47233
- SUSE Bug 1216702
- SUSE Bug 1224592
Описание
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
Затронутые продукты
Ссылки
- CVE-2023-4921
- SUSE Bug 1215275
- SUSE Bug 1215300
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1220906
- SUSE Bug 1223091
- SUSE Bug 1224418
Описание
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
Затронутые продукты
Ссылки
- CVE-2023-51043
- SUSE Bug 1219120
Описание
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
Затронутые продукты
Ссылки
- CVE-2023-51780
- SUSE Bug 1218730
- SUSE Bug 1218733
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598
- SUSE Bug 1224298
- SUSE Bug 1224878
Описание
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
Затронутые продукты
Ссылки
- CVE-2023-51782
- SUSE Bug 1218757
Описание
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
Затронутые продукты
Ссылки
- CVE-2023-6040
- SUSE Bug 1218752
Описание
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-6356
- SUSE Bug 1217987
Описание
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-6535
- SUSE Bug 1217988
Описание
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-6536
- SUSE Bug 1217989
Описание
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
Затронутые продукты
Ссылки
- CVE-2023-6915
- SUSE Bug 1218804
Описание
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
Затронутые продукты
Ссылки
- CVE-2024-0565
- SUSE Bug 1218832
- SUSE Bug 1219078
Описание
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
Затронутые продукты
Ссылки
- CVE-2024-0775
- SUSE Bug 1219053
- SUSE Bug 1219082
- SUSE Bug 1224298
- SUSE Bug 1224878
Описание
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Затронутые продукты
Ссылки
- CVE-2024-1086
- SUSE Bug 1219434
- SUSE Bug 1219435
- SUSE Bug 1224298
- SUSE Bug 1224878
- SUSE Bug 1226066