SUSE-SU-2024:3387-1

Published: 23 Sept. 2024
Source: suse-cvrf

Description

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600_23_17 fixes one issue.

The following security issue was fixed:

  • CVE-2024-40909: Fix a potential use-after-free in bpf_link_free() (bsc#1228349).

Package list

SUSE Linux Enterprise Live Patching 15 SP6
kernel-livepatch-6_4_0-150600_23_17-default-2-150600.13.6.3

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a potential use-after-free in bpf_link_free()

After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot. Actually, one of them should be sufficient, so just call one of them instead of both. Also add a WARN_ON() in case of any problematic implementation.


Affected products
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_17-default-2-150600.13.6.3
