SUSE-SU-2024:3040-1

Опубликовано: 27 авг. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122_173 fixes one issue.

The following security issue was fixed:

CVE-2021-47378: Fixed use-after-free by destroying cm id before destroying qp (bsc#1225202).

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_173-default-14-2.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243040-1/
Link for SUSE-SU-2024:3040-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036696.html
E-Mail link for SUSE-SU-2024:3040-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1225202
SUSE Bug 1225202
https://www.suse.com/security/cve/CVE-2021-47378/
SUSE CVE CVE-2021-47378 page

Описание

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishment error flow, don't destroy qp in cm event handler.Just report cm_error to upper level, qp will be destroy in nvme_rdma_alloc_queue() after destroy cm id.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-14-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-47378.html
CVE-2021-47378
https://bugzilla.suse.com/1225201
SUSE Bug 1225201
https://bugzilla.suse.com/1225202
SUSE Bug 1225202

SUSE-SU-2024:3040-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

Ссылки

Уязвимость: CVE-2021-47378

Описание

Затронутые продукты

Ссылки