Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)

Security update for the Linux Kernel

Security update for the Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, start...

Уязвимость функции do_sve_acc() модуля arch/arm64/kernel/fpsimd.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)

Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. Spawn multiple VFs. 2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host. 3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX,...

Уязвимость компонента i40e ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)

Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)

Security update for the Linux Kernel

Security update for the Linux Kernel