Описание
Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122_216 fixes several issues.
The following security issues were fixed:
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231204).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233679).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228017).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229640).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP5
Ссылки
- Link for SUSE-SU-2025:0892-1
- E-Mail link for SUSE-SU-2025:0892-1
- SUSE Security Ratings
- SUSE Bug 1227656
- SUSE Bug 1228017
- SUSE Bug 1229640
- SUSE Bug 1231204
- SUSE Bug 1233679
- SUSE CVE CVE-2021-47496 page
- SUSE CVE CVE-2022-48792 page
- SUSE CVE CVE-2022-48911 page
- SUSE CVE CVE-2024-46818 page
- SUSE CVE CVE-2024-50302 page
Описание
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=<negative error from crypto request>) tls_err_abort(.., err) sk->sk_err = err; [task] splice_from_pipe_feed ... tls_sw_do_sendpage if (sk->sk_err) { ret = -sk->sk_err; // ret is positive splice_from_pipe_feed (continued) ret = actor(...) // ret is still positive and interpreted as bytes // written, resulting in underflow of buf->len and // sd->len, leading to huge buf->offset and bogus // addresses computed in later calls to actor() Fix all tls_err_abort() callers to pass a negative error code consistently and centralize the error-prone sign flip there, throwing in a warning to catch future misuse and uninlining the function so it really does only warn once.
Затронутые продукты
Ссылки
- CVE-2021-47496
- SUSE Bug 1225354
- SUSE Bug 1227656
Описание
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
Затронутые продукты
Ссылки
- CVE-2022-48792
- SUSE Bug 1228013
- SUSE Bug 1228017
Описание
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller. v2: split skb prefetch hunk into separate change
Затронутые продукты
Ссылки
- CVE-2022-48911
- SUSE Bug 1229633
- SUSE Bug 1229640
Описание
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.
Затронутые продукты
Ссылки
- CVE-2024-46818
- SUSE Bug 1231203
- SUSE Bug 1231204
Описание
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Затронутые продукты
Ссылки
- CVE-2024-50302
- SUSE Bug 1233491
- SUSE Bug 1233679