SUSE-SU-2025:0703-1

Published: 24 Feb 2025
Source: suse-cvrf

Description

Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues.

The following security issues were fixed:

  • CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1228585).
  • CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1227371).
  • CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Package list

SUSE Linux Enterprise Live Patching 15 SP3
kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1
SUSE Linux Enterprise Live Patching 15 SP5
kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called.

First call (with valid attributes) sets dev->num_tc to a non zero value.

Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.


Affected products
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1


Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance this may cause an issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.


Affected products
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1


Description

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
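
The count/parse mismatch described above, modelled in user space as an added example (not kernel code and not part of the original advisory): pass 1 sizes the frame buffer, pass 2 fills it, and the two must apply the same filter. The `VS_*` values, the function names and the sample descriptor stream are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Descriptor subtypes for this model; values are constructed for the example. */
enum { VS_UNDEFINED = 0x00, VS_FORMAT = 0x04, VS_FRAME = 0x05 };

/* Pass 1: size the frames buffer. Only VS_FRAME descriptors are counted. */
static size_t count_frames(const unsigned char *t, size_t n)
{
    size_t frames = 0;
    for (size_t i = 0; i < n; i++)
        frames += (t[i] == VS_FRAME);
    return frames;
}

/* Pass 2: fill the buffer. fixed = 0 models the pre-fix parser, which also
 * parsed VS_UNDEFINED frames. Stores are bounds-checked; returns slots wanted. */
static size_t parse_frames(const unsigned char *t, size_t n,
                           unsigned char *out, size_t cap, int fixed)
{
    size_t wanted = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i] == VS_FORMAT || (t[i] == VS_UNDEFINED && fixed))
            continue;
        if (wanted < cap)
            out[wanted] = t[i];
        wanted++;
    }
    return wanted;
}

/* Slots pass 2 needs beyond what pass 1 allocated (0 means consistent). */
size_t overflow_slots(const unsigned char *t, size_t n, int fixed)
{
    size_t cap = count_frames(t, n);
    unsigned char *buf = calloc(cap ? cap : 1, 1);
    if (!buf) return (size_t)-1;
    size_t wanted = parse_frames(t, n, buf, cap, fixed);
    free(buf);
    return wanted > cap ? wanted - cap : 0;
}

/* Constructed stream: one format, two counted frames, one undefined frame. */
static const unsigned char SAMPLE[] = { VS_FORMAT, VS_FRAME, VS_FRAME, VS_UNDEFINED };

int main(void)
{
    printf("pre-fix: %zu, fixed: %zu\n", overflow_slots(SAMPLE, sizeof SAMPLE, 0), overflow_slots(SAMPLE, sizeof SAMPLE, 1));
}
```

A non-zero result means the parse pass would have stored past the end of the buffer sized by the counting pass.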


Affected products
SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1
