Описание
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues.
The following security issues were fixed:
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1227371).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP6
Ссылки
- Link for SUSE-SU-2025:0669-1
- E-Mail link for SUSE-SU-2025:0669-1
- SUSE Security Ratings
- SUSE Bug 1227371
- SUSE Bug 1236783
- SUSE CVE CVE-2024-36974 page
- SUSE CVE CVE-2024-53104 page
Описание
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.
Затронутые продукты
Ссылки
- CVE-2024-36974
- SUSE Bug 1226519
- SUSE Bug 1227371
Описание
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Затронутые продукты
Ссылки
- CVE-2024-53104
- SUSE Bug 1234025
- SUSE Bug 1236783