SUSE-SU-2024:1391-1

Опубликовано: 23 апр. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-150300_59_150 fixes one issue.

The following security issue was fixed:

CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP3

kernel-livepatch-5_3_18-150300_59_150-default-5-150300.2.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241391-1/
Link for SUSE-SU-2024:1391-1
https://lists.suse.com/pipermail/sle-updates/2024-April/035057.html
E-Mail link for SUSE-SU-2024:1391-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1220828
SUSE Bug 1220828
https://www.suse.com/security/cve/CVE-2024-26622/
SUSE CVE CVE-2024-26622 page

Описание

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_150-default-5-150300.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26622.html
CVE-2024-26622
https://bugzilla.suse.com/1220825
SUSE Bug 1220825
https://bugzilla.suse.com/1220828
SUSE Bug 1220828
https://bugzilla.suse.com/1224298
SUSE Bug 1224298
https://bugzilla.suse.com/1224878
SUSE Bug 1224878

SUSE-SU-2024:1391-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP3

Ссылки

Уязвимость: CVE-2024-26622

Описание

Затронутые продукты

Ссылки