SUSE-SU-2025:0643-1

Published: 21 Feb 2025
Source: suse-cvrf

Description

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600_8 fixes several issues.

The following security issues were fixed:

  • CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (bsc#1227320).
  • CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1228585).
  • CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Package list

SUSE Linux Enterprise Live Patching 15 SP6
kernel-livepatch-6_4_0-150600_8-rt-10-150600.3.1

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change.


Affected products
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_8-rt-10-150600.3.1


Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance this may cause an issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.
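The iteration pattern this fix relies on, as an added userspace example (not the idxd driver's code and not part of the advisory). `struct desc`, `desc_complete()`, `process_work_list()` and `demo()` are hypothetical names, and the list helpers are a minimal stand-in for the kernel's `list_head` API.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, member) \
    ((type *)((char *)(p) - offsetof(type, member)))

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Hypothetical descriptor and completion routine (not the idxd driver's):
 * completing a descriptor releases its memory for reuse. */
struct desc { struct list_head list; };
static void desc_complete(struct desc *d) { free(d); }

/* "next" is saved before the current entry is unlinked and completed, so the
 * walk never reads d->list afterwards. A non-safe walk would load
 * d->list.next from memory that may already have been reused. */
static int process_work_list(struct list_head *head)
{
    struct list_head *pos, *next;
    int completed = 0;
    for (pos = head->next, next = pos->next; pos != head;
         pos = next, next = pos->next) {
        struct desc *d = container_of(pos, struct desc, list);
        pos->prev->next = pos->next;   /* unlink first, as list_del() does */
        pos->next->prev = pos->prev;
        desc_complete(d);
        completed++;
    }
    return completed;
}

/* Queue n constructed descriptors, process them, report count and emptiness. */
static int demo(int n, int *empty)
{
    struct list_head head = { &head, &head };
    for (int i = 0; i < n; i++) {
        struct desc *d = malloc(sizeof(*d));
        if (!d) break;
        list_add_tail(&d->list, &head);
    }
    int done = process_work_list(&head);
    *empty = (head.next == &head && head.prev == &head);
    return done;
}

int main(void) { int e; return (demo(3, &e) == 3 && e) ? 0 : 1; }
```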


Affected products
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_8-rt-10-150600.3.1


Description

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.


Affected products
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_8-rt-10-150600.3.1
