Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.
The following security issues were fixed:
- CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (bsc#1227320).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1228585).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1227371).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
SUSE Linux Enterprise Live Patching 15 SP4
SUSE Linux Enterprise Live Patching 15 SP5
SUSE Linux Enterprise Live Patching 15 SP6
Ссылки
- Link for SUSE-SU-2025:0681-1
- E-Mail link for SUSE-SU-2025:0681-1
- SUSE Security Ratings
- SUSE Bug 1227320
- SUSE Bug 1227371
- SUSE Bug 1228585
- SUSE Bug 1236783
- SUSE CVE CVE-2024-35789 page
- SUSE CVE CVE-2024-36974 page
- SUSE CVE CVE-2024-40956 page
- SUSE CVE CVE-2024-53104 page
Описание
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change.
Затронутые продукты
Ссылки
- CVE-2024-35789
- SUSE Bug 1224749
- SUSE Bug 1227320
Описание
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.
Затронутые продукты
Ссылки
- CVE-2024-36974
- SUSE Bug 1226519
- SUSE Bug 1227371
Описание
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.
Затронутые продукты
Ссылки
- CVE-2024-40956
- SUSE Bug 1227810
- SUSE Bug 1228585
Описание
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Затронутые продукты
Ссылки
- CVE-2024-53104
- SUSE Bug 1234025
- SUSE Bug 1236783