SUSE-SU-2025:1088-1

Опубликовано: 01 апр. 2025

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122_216 fixes several issues.

The following security issues were fixed:

CVE-2024-41062: Sync sock recv cb and release (bsc#1228578).
CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_216-default-13-2.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20251088-1/
Link for SUSE-SU-2025:1088-1
https://lists.suse.com/pipermail/sle-security-updates/2025-April/020635.html
E-Mail link for SUSE-SU-2025:1088-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228012
SUSE Bug 1228012
https://bugzilla.suse.com/1228578
SUSE Bug 1228578
https://www.suse.com/security/cve/CVE-2022-48791/
SUSE CVE CVE-2022-48791 page
https://www.suse.com/security/cve/CVE-2024-41062/
SUSE CVE CVE-2024-41062 page

Описание

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_216-default-13-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48791.html
CVE-2022-48791
https://bugzilla.suse.com/1228002
SUSE Bug 1228002
https://bugzilla.suse.com/1228012
SUSE Bug 1228012

Описание

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before the sock is closed, then everything is normal; Otherwise, the work thread may access the released sock when receiving data. Add a chan mutex in the rx callback of the sock to achieve synchronization between the sock release and recv cb. Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_216-default-13-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41062.html
CVE-2024-41062
https://bugzilla.suse.com/1228576
SUSE Bug 1228576
https://bugzilla.suse.com/1228578
SUSE Bug 1228578

SUSE-SU-2025:1088-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

Ссылки

Уязвимость: CVE-2022-48791

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-41062

Описание

Затронутые продукты

Ссылки