Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-42070 (GCVE-0-2024-42070)
Vulnerability from cvelistv5
Published
2024-07-29 15:52
Modified
2025-11-03 22:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 Version: 96518518cc417bb0a8c80b9fb736202e28acdf96 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:01:06.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:46.237204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40188a25a9847dbeb7ec67517174a835a677752f",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "23752737c6a618e994f9a310ec2568881a6b49c4",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "5d43d789b57943720dca4181a05f6477362b94cf",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "461302e07f49687ffe7d105fa0a330c07c7646d8",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "efb27ad05949403848f487823b597ed67060e007",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "952bf8df222599baadbd4f838a49c4fef81d2564",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "41a6375d48deaf7f730304b5153848bfa1c2980f",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "7931d32955e09d0a11b1fe0b6aac1bfa061c005c",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:18.843Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f"
},
{
"url": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4"
},
{
"url": "https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf"
},
{
"url": "https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8"
},
{
"url": "https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007"
},
{
"url": "https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564"
},
{
"url": "https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f"
},
{
"url": "https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c"
}
],
"title": "netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42070",
"datePublished": "2024-07-29T15:52:34.061Z",
"dateReserved": "2024-07-29T15:50:41.168Z",
"dateUpdated": "2025-11-03T22:01:06.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-42070\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-29T16:15:06.540\",\"lastModified\":\"2025-11-03T22:17:35.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\\n\\nregister store validation for NFT_DATA_VALUE is conditional, however,\\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\\nonly requires a new helper function to infer the register type from the\\nset datatype so this conditional check can be removed. Otherwise,\\npointer to chain object can be leaked through the registers.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: validar completamente NFT_DATA_VALUE en la tienda para registros de datos. La validaci\u00f3n de la tienda para NFT_DATA_VALUE es condicional; sin embargo, el tipo de datos siempre es NFT_DATA_VALUE o NFT_DATA_VERDICT. Esto solo requiere una nueva funci\u00f3n auxiliar para inferir el tipo de registro a partir del tipo de datos establecido para que se pueda eliminar esta verificaci\u00f3n condicional. De lo contrario, el puntero al objeto de la cadena se puede filtrar a trav\u00e9s de los registros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.13\",\"matchCriteriaId\":\"E37CAD46-6582-4D99-9D51-C217F9083FC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.14\",\"versionEndExcluding\":\"4.19.317\",\"matchCriteriaId\":\"94AD7CE0-1AB3-4F0C-9642-209112A5ECB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.279\",\"matchCriteriaId\":\"F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.221\",\"matchCriteriaId\":\"659E1520-6345-41AF-B893-A7C0647585A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.162\",\"matchCriteriaId\":\"10A39ACC-3005-40E8-875C-98A372D1FFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.97\",\"matchCriteriaId\":\"748B6C4B-1F61-47F9-96CC-8899B8412D84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.37\",\"matchCriteriaId\":\"D72E033B-5323-4C4D-8818-36E1EBC3535F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.8\",\"matchCriteriaId\":\"E95105F2-32E3-4C5F-9D18-7AEFD0E6275C\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:54:31.272Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42070\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:19:46.237204Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:14.709Z\"}}], \"cna\": {\"title\": \"netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"40188a25a9847dbeb7ec67517174a835a677752f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"23752737c6a618e994f9a310ec2568881a6b49c4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"5d43d789b57943720dca4181a05f6477362b94cf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"461302e07f49687ffe7d105fa0a330c07c7646d8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"efb27ad05949403848f487823b597ed67060e007\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"952bf8df222599baadbd4f838a49c4fef81d2564\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"41a6375d48deaf7f730304b5153848bfa1c2980f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"96518518cc417bb0a8c80b9fb736202e28acdf96\", \"lessThan\": \"7931d32955e09d0a11b1fe0b6aac1bfa061c005c\", \"versionType\": \"git\"}], \"programFiles\": [\"include/net/netfilter/nf_tables.h\", \"net/netfilter/nf_tables_api.c\", \"net/netfilter/nft_lookup.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.13\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.13\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.317\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.279\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.221\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.162\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.97\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.37\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"include/net/netfilter/nf_tables.h\", \"net/netfilter/nf_tables_api.c\", \"net/netfilter/nft_lookup.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\"}, {\"url\": \"https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\"}, {\"url\": \"https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\"}, {\"url\": \"https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\"}, {\"url\": \"https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\"}, {\"url\": \"https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\"}, {\"url\": \"https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\"}, {\"url\": \"https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\\n\\nregister store validation for NFT_DATA_VALUE is conditional, however,\\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\\nonly requires a new helper function to infer the register type from the\\nset datatype so this conditional check can be removed. Otherwise,\\npointer to chain object can be leaked through the registers.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.317\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.279\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.221\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.162\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.97\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.37\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.8\", \"versionStartIncluding\": \"3.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"3.13\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:22:18.843Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-42070\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:22:18.843Z\", \"dateReserved\": \"2024-07-29T15:50:41.168Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-29T15:52:34.061Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2024:2901-1
Vulnerability from csaf_suse
Published
2024-08-14 07:24
Modified
2024-08-14 07:24
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2021-47619: i40e: Fix queues reservation for XDP (bsc#1226645).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42223: media: dvb-frontends: tda10048: Fix integer overflow (bsc#1228726).
- CVE-2024-42119: drm/amd/display: Skip finding free audio for unknown engine_id (bsc#1228584).
- CVE-2024-42120: drm/amd/display: Check pipe offset before setting vblank (bsc#1228588).
- CVE-2024-41095: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (bsc#1228662).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-41089: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (bsc#1228658).
- CVE-2024-41060: drm/radeon: check bo_va->bo is non-NULL before using it (bsc#1228567).
- CVE-2022-48829: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (bsc#1228055).
- CVE-2022-48828: NFSD: Fix ia_size underflow (bsc#1228054).
- CVE-2022-48827: NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1228037).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48823: scsi: qedf: Fix refcount issue when LOGO is received during TMF (bsc#1228045).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40987: drm/amdgpu: fix UBSAN warning in kv_dpm.c (bsc#1228235).
- CVE-2022-48826: drm/vc4: Fix deadlock on DSI device attach error (bsc#1227975)
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2021-47405: HID: usbhid: free raw_report buffers in usbhid_stop (bsc#1225238).
- CVE-2024-40988: drm/radeon: fix UBSAN warning in kv_dpm.c (bsc#1227957).
- CVE-2024-40932: drm/exynos/vidi: fix memory leak in .get_modes() (bsc#1227828).
- CVE-2021-47403: ipack: ipoctal: fix module reference leak (bsc#1225241).
- CVE-2021-47388: mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1225214).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2022-48804: vt_ioctl: fix array_index_nospec in vt_setactivate (bsc#1227968).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
- CVE-2021-47582: usb: core: Do not hold the device lock while sleeping in do_proc_control() (bsc#1226559).
- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2021-47468: isdn: mISDN: Fix sleeping function called from invalid context (bsc#1225346).
- CVE-2021-47395: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (bsc#1225326).
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2022-48811: ibmvnic: do not release napi in __ibmvnic_open() (bsc#1227928).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40941: wifi: iwlwifi: mvm: do not read past the mfuart notifcation (bsc#1227771).
- CVE-2022-48860: ethernet: Fix error handling in xemaclite_of_probe (bsc#1228008).
- CVE-2022-48863: mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1228063).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-39499: vmci: prevent speculation leaks by sanitizing event in event_deliver() (bsc#1227725).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2021-47441: mlxsw: thermal: Fix out-of-bounds memory accesses (bsc#1225224)
- CVE-2021-47194: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (bsc#1222829).
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2022-48775: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (bsc#1227924).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-40929: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (bsc#1227774).
- CVE-2024-40912: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (bsc#1227790).
- CVE-2024-40942: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (bsc#1227770).
- CVE-2022-48857: NFC: port100: fix use-after-free in port100_send_complete (bsc#1228005).
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2021-47516: nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1225427).
- CVE-2021-47501: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (bsc#1225361).
- CVE-2024-39501: drivers: core: synchronize really_probe() and dev_uevent() (bsc#1227754).
- CVE-2023-52743: ice: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1225003)
- CVE-2021-47542: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (bsc#1225455).
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2021-47597: inet_diag: fix kernel-infoleak for UDP sockets (bsc#1226553).
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-35978: Bluetooth: Fix memory leak in hci_req_sync_complete() (bsc#1224571).
- CVE-2023-52669: crypto: s390/aes - Fix buffer overread in CTR mode (bsc#1224637).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2021-47295: net: sched: fix memory leak in tcindex_partial_destroy_work (bsc#1224975)
- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-38630: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (bsc#1226908).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2021-47559: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (bsc#1225396).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213,bsc#1227191)
- KVM: PPC: Book3S HV: Do not take kvm->lock around kvm_for_each_vcpu (bsc#1065729).
- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1065729).
- KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR (bsc#1065729).
- KVM: PPC: Book3S: Fix some RCU-list locks (git-fixes).
- KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines (bsc#1065729).
- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list (bsc#1065729).
- KVM: PPC: Inform the userspace about TCE update failures (bsc#1065729).
- KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bsc#1065729).
- PCI: Fix resource double counting on remove & rescan (git-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- Tools: hv: kvp: eliminate 'may be used uninitialized' warning (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- btrfs: fix 64bit compat send ioctl arguments not initializing version member (bsc#1228030).
- btrfs: fix send ioctl on 32bit with 64bit kernel (bsc#1228030).
- btrfs: incremental send, fix emission of invalid clone operations (bsc#1228030).
- btrfs: remove unused members dir_path from recorded_ref (bsc#1228030).
- btrfs: send, improve clone range (bsc#1228030).
- btrfs: send: add new command FILEATTR for file attributes (bsc#1228030).
- btrfs: send: add stream v2 definitions (bsc#1228030).
- btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1228030).
- btrfs: send: avoid copying file data (bsc#1228030).
- btrfs: send: explicitly number commands and attributes (bsc#1228030).
- btrfs: send: fix failures when processing inodes with no links (bsc#1228030).
- btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1228030).
- btrfs: send: fix sending link commands for existing file paths (bsc#1228030).
- btrfs: send: get rid of i_size logic in send_write() (bsc#1228030).
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1228030).
- btrfs: send: prepare for v2 protocol (bsc#1228030).
- btrfs: send: refactor arguments of get_inode_info() (bsc#1228030).
- btrfs: send: remove stale code when checking for shared extents (bsc#1228030).
- btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1228030).
- btrfs: send: remove unused send_ctx::{total,cmd}_send_size (bsc#1228030).
- btrfs: send: use boolean types for current inode status (bsc#1228030).
- btrfs: silence maybe-uninitialized warning in clone_range (bsc#1228030).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/vc4: dsi: Only register our component once a DSI device is (bsc#1227975)
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- kgdb: Add kgdb_has_hit_break function (git-fixes).
- kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).
- net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net_sched: add a temporary refcnt for struct tcindex_data (bsc#1224975).
- net_sched: fix a memory leak in cls_tcindex (bsc#1224975).
- net_sched: fix a missing refcnt in tcindex_init() (bsc#1224975).
- net_sched: hold rtnl lock in tcindex_partial_destroy_work() (bsc#1224975)
- nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- signal: Introduce clear_siginfo (git-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- tools lib: Fix builds when glibc contains strlcpy() (git-fixes).
- tools: hv: fix KVP and VSS daemons exit code (git-fixes).
- usb: add a hcd_uses_dma helper (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Return proper error codes from user access functions (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xfs: check that dir block entries do not off the end of the buffer (git-fixes).
- xfs: refactor xfs_verifier_error and xfs_buf_ioerror (git-fixes).
- xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers (git-fixes).
- xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
Patchnames
SUSE-2024-2901,SUSE-SLE-SERVER-12-SP5-2024-2901
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-39494: ima: Fix use-after-free on a dentry\u0027s dname.name (bsc#1227716).\n- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).\n- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).\n- CVE-2021-47619: i40e: Fix queues reservation for XDP (bsc#1226645).\n- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).\n- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).\n- CVE-2024-42223: media: dvb-frontends: tda10048: Fix integer overflow (bsc#1228726).\n- CVE-2024-42119: drm/amd/display: Skip finding free audio for unknown engine_id (bsc#1228584).\n- CVE-2024-42120: drm/amd/display: Check pipe offset before setting vblank (bsc#1228588).\n- CVE-2024-41095: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (bsc#1228662).\n- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).\n- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).\n- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).\n- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).\n- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).\n- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).\n- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).\n- CVE-2024-41089: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (bsc#1228658).\n- CVE-2024-41060: drm/radeon: check bo_va-\u003ebo is non-NULL before using it (bsc#1228567).\n- CVE-2022-48829: NFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes (bsc#1228055).\n- CVE-2022-48828: NFSD: Fix ia_size underflow (bsc#1228054).\n- CVE-2022-48827: NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1228037).\n- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).\n- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).\n- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev-\u003epdev changes (bsc#1228599).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).\n- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).\n- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).\n- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).\n- CVE-2022-48823: scsi: qedf: Fix refcount issue when LOGO is received during TMF (bsc#1228045).\n- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).\n- CVE-2024-40998: ext4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super() (bsc#1227866).\n- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).\n- CVE-2024-40987: drm/amdgpu: fix UBSAN warning in kv_dpm.c (bsc#1228235).\n- CVE-2022-48826: drm/vc4: Fix deadlock on DSI device attach error (bsc#1227975)\n- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).\n- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).\n- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).\n- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).\n- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).\n- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).\n- CVE-2021-47405: HID: usbhid: free raw_report buffers in usbhid_stop (bsc#1225238).\n- CVE-2024-40988: drm/radeon: fix UBSAN warning in kv_dpm.c (bsc#1227957).\n- CVE-2024-40932: drm/exynos/vidi: fix memory leak in .get_modes() (bsc#1227828).\n- CVE-2021-47403: ipack: ipoctal: fix module reference leak (bsc#1225241).\n- CVE-2021-47388: mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1225214).\n- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).\n- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).\n- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).\n- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).\n- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).\n- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).\n- CVE-2022-48804: vt_ioctl: fix array_index_nospec in vt_setactivate (bsc#1227968).\n- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).\n- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).\n- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).\n- CVE-2021-47582: usb: core: Do not hold the device lock while sleeping in do_proc_control() (bsc#1226559).\n- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).\n- CVE-2021-47468: isdn: mISDN: Fix sleeping function called from invalid context (bsc#1225346).\n- CVE-2021-47395: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (bsc#1225326).\n- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).\n- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).\n- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).\n- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).\n- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).\n- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).\n- CVE-2022-48811: ibmvnic: do not release napi in __ibmvnic_open() (bsc#1227928).\n- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).\n- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).\n- CVE-2024-40937: gve: Clear napi-\u003eskb before dev_kfree_skb_any() (bsc#1227836).\n- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).\n- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).\n- CVE-2024-40941: wifi: iwlwifi: mvm: do not read past the mfuart notifcation (bsc#1227771).\n- CVE-2022-48860: ethernet: Fix error handling in xemaclite_of_probe (bsc#1228008).\n- CVE-2022-48863: mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1228063).\n- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).\n- CVE-2024-39499: vmci: prevent speculation leaks by sanitizing event in event_deliver() (bsc#1227725).\n- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)\n- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)\n- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).\n- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)\n- CVE-2021-47441: mlxsw: thermal: Fix out-of-bounds memory accesses (bsc#1225224)\n- CVE-2021-47194: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (bsc#1222829).\n- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)\n- CVE-2022-48775: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (bsc#1227924).\n- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)\n- CVE-2024-40929: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (bsc#1227774).\n- CVE-2024-40912: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (bsc#1227790).\n- CVE-2024-40942: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (bsc#1227770).\n- CVE-2022-48857: NFC: port100: fix use-after-free in port100_send_complete (bsc#1228005).\n- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).\n- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).\n- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).\n- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).\n- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).\n- CVE-2021-47516: nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1225427).\n- CVE-2021-47501: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (bsc#1225361).\n- CVE-2024-39501: drivers: core: synchronize really_probe() and dev_uevent() (bsc#1227754).\n- CVE-2023-52743: ice: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1225003)\n- CVE-2021-47542: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (bsc#1225455).\n- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)\n- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)\n- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)\n- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).\n- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).\n- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).\n- CVE-2021-47597: inet_diag: fix kernel-infoleak for UDP sockets (bsc#1226553).\n- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).\n- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).\n- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).\n- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).\n- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).\n- CVE-2024-35978: Bluetooth: Fix memory leak in hci_req_sync_complete() (bsc#1224571).\n- CVE-2023-52669: crypto: s390/aes - Fix buffer overread in CTR mode (bsc#1224637).\n- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).\n- CVE-2023-52612: Fixed req-\u003edst buffer overflow in crypto/scomp (bsc#1221616).\n- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).\n- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).\n- CVE-2021-47295: net: sched: fix memory leak in tcindex_partial_destroy_work (bsc#1224975)\n- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).\n- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).\n- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).\n- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)\n- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).\n- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).\n- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).\n- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array \u0027lp-\u003ephy\u0027 may be out of bound (bsc#1225505).\n- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).\n- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).\n- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).\n- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).\n- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).\n- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).\n- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).\n- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).\n- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).\n- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).\n- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).\n- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).\n- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).\n- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).\n- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).\n- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).\n- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).\n- CVE-2024-38630: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (bsc#1226908).\n- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).\n- CVE-2021-47559: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (bsc#1225396).\n\nThe following non-security bugs were fixed:\n\n- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213,bsc#1227191)\n- KVM: PPC: Book3S HV: Do not take kvm-\u003elock around kvm_for_each_vcpu (bsc#1065729).\n- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1065729).\n- KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR (bsc#1065729).\n- KVM: PPC: Book3S: Fix some RCU-list locks (git-fixes).\n- KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines (bsc#1065729).\n- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list (bsc#1065729).\n- KVM: PPC: Inform the userspace about TCE update failures (bsc#1065729).\n- KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bsc#1065729).\n- PCI: Fix resource double counting on remove \u0026 rescan (git-fixes).\n- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).\n- PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).\n- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).\n- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).\n- Tools: hv: kvp: eliminate \u0027may be used uninitialized\u0027 warning (git-fixes).\n- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).\n- btrfs: fix 64bit compat send ioctl arguments not initializing version member (bsc#1228030).\n- btrfs: fix send ioctl on 32bit with 64bit kernel (bsc#1228030).\n- btrfs: incremental send, fix emission of invalid clone operations (bsc#1228030).\n- btrfs: remove unused members dir_path from recorded_ref (bsc#1228030).\n- btrfs: send, improve clone range (bsc#1228030).\n- btrfs: send: add new command FILEATTR for file attributes (bsc#1228030).\n- btrfs: send: add stream v2 definitions (bsc#1228030).\n- btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1228030).\n- btrfs: send: avoid copying file data (bsc#1228030).\n- btrfs: send: explicitly number commands and attributes (bsc#1228030).\n- btrfs: send: fix failures when processing inodes with no links (bsc#1228030).\n- btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1228030).\n- btrfs: send: fix sending link commands for existing file paths (bsc#1228030).\n- btrfs: send: get rid of i_size logic in send_write() (bsc#1228030).\n- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1228030).\n- btrfs: send: prepare for v2 protocol (bsc#1228030).\n- btrfs: send: refactor arguments of get_inode_info() (bsc#1228030).\n- btrfs: send: remove stale code when checking for shared extents (bsc#1228030).\n- btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1228030).\n- btrfs: send: remove unused send_ctx::{total,cmd}_send_size (bsc#1228030).\n- btrfs: send: use boolean types for current inode status (bsc#1228030).\n- btrfs: silence maybe-uninitialized warning in clone_range (bsc#1228030).\n- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).\n- drm/vc4: dsi: Only register our component once a DSI device is (bsc#1227975)\n- hv_netvsc: rndis_filter needs to select NLS (git-fixes).\n- ipv6: sr: fix incorrect unregister order (git-fixes).\n- kgdb: Add kgdb_has_hit_break function (git-fixes).\n- kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).\n- net: hsr: fix placement of logical operator in a multi-line statement (bsc#1223021).\n- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).\n- net: mana: select PAGE_POOL (git-fixes).\n- net_sched: add a temporary refcnt for struct tcindex_data (bsc#1224975).\n- net_sched: fix a memory leak in cls_tcindex (bsc#1224975).\n- net_sched: fix a missing refcnt in tcindex_init() (bsc#1224975).\n- net_sched: hold rtnl lock in tcindex_partial_destroy_work() (bsc#1224975)\n- nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).\n- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).\n- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).\n- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).\n- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).\n- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).\n- sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1227407).\n- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).\n- scsi: qla2xxx: Complete command early within lock (bsc#1228850).\n- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).\n- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).\n- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).\n- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).\n- scsi: qla2xxx: Fix flash read failure (bsc#1228850).\n- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).\n- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).\n- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).\n- scsi: qla2xxx: Remove unused struct \u0027scsi_dif_tuple\u0027 (bsc#1228850).\n- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).\n- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).\n- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).\n- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).\n- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).\n- signal: Introduce clear_siginfo (git-fixes).\n- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).\n- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).\n- tools lib: Fix builds when glibc contains strlcpy() (git-fixes).\n- tools: hv: fix KVP and VSS daemons exit code (git-fixes).\n- usb: add a hcd_uses_dma helper (git-fixes).\n- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).\n- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).\n- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).\n- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).\n- x86/boot/e820: Fix typo in e820.c comment (git-fixes).\n- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).\n- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).\n- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).\n- x86/fpu: Return proper error codes from user access functions (git-fixes).\n- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).\n- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).\n- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).\n- x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).\n- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).\n- x86: __memcpy_flushcache: fix wrong alignment if size \u003e 2^32 (git-fixes).\n- xfs: check that dir block entries do not off the end of the buffer (git-fixes).\n- xfs: refactor xfs_verifier_error and xfs_buf_ioerror (git-fixes).\n- xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers (git-fixes).\n- xhci: Poll for U0 after disabling USB2 LPM (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2901,SUSE-SLE-SERVER-12-SP5-2024-2901",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2901-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2901-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242901-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2901-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036444.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1088701",
"url": "https://bugzilla.suse.com/1088701"
},
{
"category": "self",
"summary": "SUSE Bug 1149446",
"url": "https://bugzilla.suse.com/1149446"
},
{
"category": "self",
"summary": "SUSE Bug 1179610",
"url": "https://bugzilla.suse.com/1179610"
},
{
"category": "self",
"summary": "SUSE Bug 1186463",
"url": "https://bugzilla.suse.com/1186463"
},
{
"category": "self",
"summary": "SUSE Bug 1196018",
"url": "https://bugzilla.suse.com/1196018"
},
{
"category": "self",
"summary": "SUSE Bug 1202346",
"url": "https://bugzilla.suse.com/1202346"
},
{
"category": "self",
"summary": "SUSE Bug 1215420",
"url": "https://bugzilla.suse.com/1215420"
},
{
"category": "self",
"summary": "SUSE Bug 1216834",
"url": "https://bugzilla.suse.com/1216834"
},
{
"category": "self",
"summary": "SUSE Bug 1220138",
"url": "https://bugzilla.suse.com/1220138"
},
{
"category": "self",
"summary": "SUSE Bug 1220833",
"url": "https://bugzilla.suse.com/1220833"
},
{
"category": "self",
"summary": "SUSE Bug 1220942",
"url": "https://bugzilla.suse.com/1220942"
},
{
"category": "self",
"summary": "SUSE Bug 1221045",
"url": "https://bugzilla.suse.com/1221045"
},
{
"category": "self",
"summary": "SUSE Bug 1221614",
"url": "https://bugzilla.suse.com/1221614"
},
{
"category": "self",
"summary": "SUSE Bug 1221616",
"url": "https://bugzilla.suse.com/1221616"
},
{
"category": "self",
"summary": "SUSE Bug 1221618",
"url": "https://bugzilla.suse.com/1221618"
},
{
"category": "self",
"summary": "SUSE Bug 1221656",
"url": "https://bugzilla.suse.com/1221656"
},
{
"category": "self",
"summary": "SUSE Bug 1221659",
"url": "https://bugzilla.suse.com/1221659"
},
{
"category": "self",
"summary": "SUSE Bug 1222005",
"url": "https://bugzilla.suse.com/1222005"
},
{
"category": "self",
"summary": "SUSE Bug 1222060",
"url": "https://bugzilla.suse.com/1222060"
},
{
"category": "self",
"summary": "SUSE Bug 1222317",
"url": "https://bugzilla.suse.com/1222317"
},
{
"category": "self",
"summary": "SUSE Bug 1222326",
"url": "https://bugzilla.suse.com/1222326"
},
{
"category": "self",
"summary": "SUSE Bug 1222372",
"url": "https://bugzilla.suse.com/1222372"
},
{
"category": "self",
"summary": "SUSE Bug 1222625",
"url": "https://bugzilla.suse.com/1222625"
},
{
"category": "self",
"summary": "SUSE Bug 1222776",
"url": "https://bugzilla.suse.com/1222776"
},
{
"category": "self",
"summary": "SUSE Bug 1222792",
"url": "https://bugzilla.suse.com/1222792"
},
{
"category": "self",
"summary": "SUSE Bug 1222824",
"url": "https://bugzilla.suse.com/1222824"
},
{
"category": "self",
"summary": "SUSE Bug 1222829",
"url": "https://bugzilla.suse.com/1222829"
},
{
"category": "self",
"summary": "SUSE Bug 1222866",
"url": "https://bugzilla.suse.com/1222866"
},
{
"category": "self",
"summary": "SUSE Bug 1223012",
"url": "https://bugzilla.suse.com/1223012"
},
{
"category": "self",
"summary": "SUSE Bug 1223021",
"url": "https://bugzilla.suse.com/1223021"
},
{
"category": "self",
"summary": "SUSE Bug 1223188",
"url": "https://bugzilla.suse.com/1223188"
},
{
"category": "self",
"summary": "SUSE Bug 1223778",
"url": "https://bugzilla.suse.com/1223778"
},
{
"category": "self",
"summary": "SUSE Bug 1223813",
"url": "https://bugzilla.suse.com/1223813"
},
{
"category": "self",
"summary": "SUSE Bug 1223815",
"url": "https://bugzilla.suse.com/1223815"
},
{
"category": "self",
"summary": "SUSE Bug 1224500",
"url": "https://bugzilla.suse.com/1224500"
},
{
"category": "self",
"summary": "SUSE Bug 1224512",
"url": "https://bugzilla.suse.com/1224512"
},
{
"category": "self",
"summary": "SUSE Bug 1224545",
"url": "https://bugzilla.suse.com/1224545"
},
{
"category": "self",
"summary": "SUSE Bug 1224557",
"url": "https://bugzilla.suse.com/1224557"
},
{
"category": "self",
"summary": "SUSE Bug 1224571",
"url": "https://bugzilla.suse.com/1224571"
},
{
"category": "self",
"summary": "SUSE Bug 1224576",
"url": "https://bugzilla.suse.com/1224576"
},
{
"category": "self",
"summary": "SUSE Bug 1224587",
"url": "https://bugzilla.suse.com/1224587"
},
{
"category": "self",
"summary": "SUSE Bug 1224622",
"url": "https://bugzilla.suse.com/1224622"
},
{
"category": "self",
"summary": "SUSE Bug 1224627",
"url": "https://bugzilla.suse.com/1224627"
},
{
"category": "self",
"summary": "SUSE Bug 1224637",
"url": "https://bugzilla.suse.com/1224637"
},
{
"category": "self",
"summary": "SUSE Bug 1224641",
"url": "https://bugzilla.suse.com/1224641"
},
{
"category": "self",
"summary": "SUSE Bug 1224647",
"url": "https://bugzilla.suse.com/1224647"
},
{
"category": "self",
"summary": "SUSE Bug 1224663",
"url": "https://bugzilla.suse.com/1224663"
},
{
"category": "self",
"summary": "SUSE Bug 1224683",
"url": "https://bugzilla.suse.com/1224683"
},
{
"category": "self",
"summary": "SUSE Bug 1224686",
"url": "https://bugzilla.suse.com/1224686"
},
{
"category": "self",
"summary": "SUSE Bug 1224699",
"url": "https://bugzilla.suse.com/1224699"
},
{
"category": "self",
"summary": "SUSE Bug 1224700",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "self",
"summary": "SUSE Bug 1224743",
"url": "https://bugzilla.suse.com/1224743"
},
{
"category": "self",
"summary": "SUSE Bug 1224965",
"url": "https://bugzilla.suse.com/1224965"
},
{
"category": "self",
"summary": "SUSE Bug 1224975",
"url": "https://bugzilla.suse.com/1224975"
},
{
"category": "self",
"summary": "SUSE Bug 1225003",
"url": "https://bugzilla.suse.com/1225003"
},
{
"category": "self",
"summary": "SUSE Bug 1225214",
"url": "https://bugzilla.suse.com/1225214"
},
{
"category": "self",
"summary": "SUSE Bug 1225224",
"url": "https://bugzilla.suse.com/1225224"
},
{
"category": "self",
"summary": "SUSE Bug 1225229",
"url": "https://bugzilla.suse.com/1225229"
},
{
"category": "self",
"summary": "SUSE Bug 1225238",
"url": "https://bugzilla.suse.com/1225238"
},
{
"category": "self",
"summary": "SUSE Bug 1225241",
"url": "https://bugzilla.suse.com/1225241"
},
{
"category": "self",
"summary": "SUSE Bug 1225326",
"url": "https://bugzilla.suse.com/1225326"
},
{
"category": "self",
"summary": "SUSE Bug 1225328",
"url": "https://bugzilla.suse.com/1225328"
},
{
"category": "self",
"summary": "SUSE Bug 1225346",
"url": "https://bugzilla.suse.com/1225346"
},
{
"category": "self",
"summary": "SUSE Bug 1225357",
"url": "https://bugzilla.suse.com/1225357"
},
{
"category": "self",
"summary": "SUSE Bug 1225361",
"url": "https://bugzilla.suse.com/1225361"
},
{
"category": "self",
"summary": "SUSE Bug 1225396",
"url": "https://bugzilla.suse.com/1225396"
},
{
"category": "self",
"summary": "SUSE Bug 1225427",
"url": "https://bugzilla.suse.com/1225427"
},
{
"category": "self",
"summary": "SUSE Bug 1225431",
"url": "https://bugzilla.suse.com/1225431"
},
{
"category": "self",
"summary": "SUSE Bug 1225455",
"url": "https://bugzilla.suse.com/1225455"
},
{
"category": "self",
"summary": "SUSE Bug 1225478",
"url": "https://bugzilla.suse.com/1225478"
},
{
"category": "self",
"summary": "SUSE Bug 1225505",
"url": "https://bugzilla.suse.com/1225505"
},
{
"category": "self",
"summary": "SUSE Bug 1225530",
"url": "https://bugzilla.suse.com/1225530"
},
{
"category": "self",
"summary": "SUSE Bug 1225532",
"url": "https://bugzilla.suse.com/1225532"
},
{
"category": "self",
"summary": "SUSE Bug 1225569",
"url": "https://bugzilla.suse.com/1225569"
},
{
"category": "self",
"summary": "SUSE Bug 1225593",
"url": "https://bugzilla.suse.com/1225593"
},
{
"category": "self",
"summary": "SUSE Bug 1225711",
"url": "https://bugzilla.suse.com/1225711"
},
{
"category": "self",
"summary": "SUSE Bug 1225719",
"url": "https://bugzilla.suse.com/1225719"
},
{
"category": "self",
"summary": "SUSE Bug 1225767",
"url": "https://bugzilla.suse.com/1225767"
},
{
"category": "self",
"summary": "SUSE Bug 1225820",
"url": "https://bugzilla.suse.com/1225820"
},
{
"category": "self",
"summary": "SUSE Bug 1225835",
"url": "https://bugzilla.suse.com/1225835"
},
{
"category": "self",
"summary": "SUSE Bug 1225838",
"url": "https://bugzilla.suse.com/1225838"
},
{
"category": "self",
"summary": "SUSE Bug 1225898",
"url": "https://bugzilla.suse.com/1225898"
},
{
"category": "self",
"summary": "SUSE Bug 1226550",
"url": "https://bugzilla.suse.com/1226550"
},
{
"category": "self",
"summary": "SUSE Bug 1226553",
"url": "https://bugzilla.suse.com/1226553"
},
{
"category": "self",
"summary": "SUSE Bug 1226555",
"url": "https://bugzilla.suse.com/1226555"
},
{
"category": "self",
"summary": "SUSE Bug 1226559",
"url": "https://bugzilla.suse.com/1226559"
},
{
"category": "self",
"summary": "SUSE Bug 1226568",
"url": "https://bugzilla.suse.com/1226568"
},
{
"category": "self",
"summary": "SUSE Bug 1226571",
"url": "https://bugzilla.suse.com/1226571"
},
{
"category": "self",
"summary": "SUSE Bug 1226645",
"url": "https://bugzilla.suse.com/1226645"
},
{
"category": "self",
"summary": "SUSE Bug 1226757",
"url": "https://bugzilla.suse.com/1226757"
},
{
"category": "self",
"summary": "SUSE Bug 1226783",
"url": "https://bugzilla.suse.com/1226783"
},
{
"category": "self",
"summary": "SUSE Bug 1226786",
"url": "https://bugzilla.suse.com/1226786"
},
{
"category": "self",
"summary": "SUSE Bug 1226834",
"url": "https://bugzilla.suse.com/1226834"
},
{
"category": "self",
"summary": "SUSE Bug 1226861",
"url": "https://bugzilla.suse.com/1226861"
},
{
"category": "self",
"summary": "SUSE Bug 1226908",
"url": "https://bugzilla.suse.com/1226908"
},
{
"category": "self",
"summary": "SUSE Bug 1226994",
"url": "https://bugzilla.suse.com/1226994"
},
{
"category": "self",
"summary": "SUSE Bug 1227191",
"url": "https://bugzilla.suse.com/1227191"
},
{
"category": "self",
"summary": "SUSE Bug 1227213",
"url": "https://bugzilla.suse.com/1227213"
},
{
"category": "self",
"summary": "SUSE Bug 1227407",
"url": "https://bugzilla.suse.com/1227407"
},
{
"category": "self",
"summary": "SUSE Bug 1227435",
"url": "https://bugzilla.suse.com/1227435"
},
{
"category": "self",
"summary": "SUSE Bug 1227487",
"url": "https://bugzilla.suse.com/1227487"
},
{
"category": "self",
"summary": "SUSE Bug 1227573",
"url": "https://bugzilla.suse.com/1227573"
},
{
"category": "self",
"summary": "SUSE Bug 1227618",
"url": "https://bugzilla.suse.com/1227618"
},
{
"category": "self",
"summary": "SUSE Bug 1227626",
"url": "https://bugzilla.suse.com/1227626"
},
{
"category": "self",
"summary": "SUSE Bug 1227716",
"url": "https://bugzilla.suse.com/1227716"
},
{
"category": "self",
"summary": "SUSE Bug 1227725",
"url": "https://bugzilla.suse.com/1227725"
},
{
"category": "self",
"summary": "SUSE Bug 1227729",
"url": "https://bugzilla.suse.com/1227729"
},
{
"category": "self",
"summary": "SUSE Bug 1227730",
"url": "https://bugzilla.suse.com/1227730"
},
{
"category": "self",
"summary": "SUSE Bug 1227733",
"url": "https://bugzilla.suse.com/1227733"
},
{
"category": "self",
"summary": "SUSE Bug 1227750",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "self",
"summary": "SUSE Bug 1227754",
"url": "https://bugzilla.suse.com/1227754"
},
{
"category": "self",
"summary": "SUSE Bug 1227762",
"url": "https://bugzilla.suse.com/1227762"
},
{
"category": "self",
"summary": "SUSE Bug 1227770",
"url": "https://bugzilla.suse.com/1227770"
},
{
"category": "self",
"summary": "SUSE Bug 1227771",
"url": "https://bugzilla.suse.com/1227771"
},
{
"category": "self",
"summary": "SUSE Bug 1227772",
"url": "https://bugzilla.suse.com/1227772"
},
{
"category": "self",
"summary": "SUSE Bug 1227774",
"url": "https://bugzilla.suse.com/1227774"
},
{
"category": "self",
"summary": "SUSE Bug 1227786",
"url": "https://bugzilla.suse.com/1227786"
},
{
"category": "self",
"summary": "SUSE Bug 1227790",
"url": "https://bugzilla.suse.com/1227790"
},
{
"category": "self",
"summary": "SUSE Bug 1227806",
"url": "https://bugzilla.suse.com/1227806"
},
{
"category": "self",
"summary": "SUSE Bug 1227824",
"url": "https://bugzilla.suse.com/1227824"
},
{
"category": "self",
"summary": "SUSE Bug 1227828",
"url": "https://bugzilla.suse.com/1227828"
},
{
"category": "self",
"summary": "SUSE Bug 1227830",
"url": "https://bugzilla.suse.com/1227830"
},
{
"category": "self",
"summary": "SUSE Bug 1227836",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "self",
"summary": "SUSE Bug 1227849",
"url": "https://bugzilla.suse.com/1227849"
},
{
"category": "self",
"summary": "SUSE Bug 1227865",
"url": "https://bugzilla.suse.com/1227865"
},
{
"category": "self",
"summary": "SUSE Bug 1227866",
"url": "https://bugzilla.suse.com/1227866"
},
{
"category": "self",
"summary": "SUSE Bug 1227884",
"url": "https://bugzilla.suse.com/1227884"
},
{
"category": "self",
"summary": "SUSE Bug 1227886",
"url": "https://bugzilla.suse.com/1227886"
},
{
"category": "self",
"summary": "SUSE Bug 1227891",
"url": "https://bugzilla.suse.com/1227891"
},
{
"category": "self",
"summary": "SUSE Bug 1227913",
"url": "https://bugzilla.suse.com/1227913"
},
{
"category": "self",
"summary": "SUSE Bug 1227924",
"url": "https://bugzilla.suse.com/1227924"
},
{
"category": "self",
"summary": "SUSE Bug 1227928",
"url": "https://bugzilla.suse.com/1227928"
},
{
"category": "self",
"summary": "SUSE Bug 1227929",
"url": "https://bugzilla.suse.com/1227929"
},
{
"category": "self",
"summary": "SUSE Bug 1227936",
"url": "https://bugzilla.suse.com/1227936"
},
{
"category": "self",
"summary": "SUSE Bug 1227957",
"url": "https://bugzilla.suse.com/1227957"
},
{
"category": "self",
"summary": "SUSE Bug 1227968",
"url": "https://bugzilla.suse.com/1227968"
},
{
"category": "self",
"summary": "SUSE Bug 1227969",
"url": "https://bugzilla.suse.com/1227969"
},
{
"category": "self",
"summary": "SUSE Bug 1227975",
"url": "https://bugzilla.suse.com/1227975"
},
{
"category": "self",
"summary": "SUSE Bug 1227985",
"url": "https://bugzilla.suse.com/1227985"
},
{
"category": "self",
"summary": "SUSE Bug 1227989",
"url": "https://bugzilla.suse.com/1227989"
},
{
"category": "self",
"summary": "SUSE Bug 1228003",
"url": "https://bugzilla.suse.com/1228003"
},
{
"category": "self",
"summary": "SUSE Bug 1228005",
"url": "https://bugzilla.suse.com/1228005"
},
{
"category": "self",
"summary": "SUSE Bug 1228008",
"url": "https://bugzilla.suse.com/1228008"
},
{
"category": "self",
"summary": "SUSE Bug 1228013",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "self",
"summary": "SUSE Bug 1228025",
"url": "https://bugzilla.suse.com/1228025"
},
{
"category": "self",
"summary": "SUSE Bug 1228030",
"url": "https://bugzilla.suse.com/1228030"
},
{
"category": "self",
"summary": "SUSE Bug 1228037",
"url": "https://bugzilla.suse.com/1228037"
},
{
"category": "self",
"summary": "SUSE Bug 1228045",
"url": "https://bugzilla.suse.com/1228045"
},
{
"category": "self",
"summary": "SUSE Bug 1228054",
"url": "https://bugzilla.suse.com/1228054"
},
{
"category": "self",
"summary": "SUSE Bug 1228055",
"url": "https://bugzilla.suse.com/1228055"
},
{
"category": "self",
"summary": "SUSE Bug 1228063",
"url": "https://bugzilla.suse.com/1228063"
},
{
"category": "self",
"summary": "SUSE Bug 1228071",
"url": "https://bugzilla.suse.com/1228071"
},
{
"category": "self",
"summary": "SUSE Bug 1228235",
"url": "https://bugzilla.suse.com/1228235"
},
{
"category": "self",
"summary": "SUSE Bug 1228237",
"url": "https://bugzilla.suse.com/1228237"
},
{
"category": "self",
"summary": "SUSE Bug 1228327",
"url": "https://bugzilla.suse.com/1228327"
},
{
"category": "self",
"summary": "SUSE Bug 1228328",
"url": "https://bugzilla.suse.com/1228328"
},
{
"category": "self",
"summary": "SUSE Bug 1228408",
"url": "https://bugzilla.suse.com/1228408"
},
{
"category": "self",
"summary": "SUSE Bug 1228409",
"url": "https://bugzilla.suse.com/1228409"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228470",
"url": "https://bugzilla.suse.com/1228470"
},
{
"category": "self",
"summary": "SUSE Bug 1228530",
"url": "https://bugzilla.suse.com/1228530"
},
{
"category": "self",
"summary": "SUSE Bug 1228561",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "self",
"summary": "SUSE Bug 1228565",
"url": "https://bugzilla.suse.com/1228565"
},
{
"category": "self",
"summary": "SUSE Bug 1228567",
"url": "https://bugzilla.suse.com/1228567"
},
{
"category": "self",
"summary": "SUSE Bug 1228580",
"url": "https://bugzilla.suse.com/1228580"
},
{
"category": "self",
"summary": "SUSE Bug 1228581",
"url": "https://bugzilla.suse.com/1228581"
},
{
"category": "self",
"summary": "SUSE Bug 1228584",
"url": "https://bugzilla.suse.com/1228584"
},
{
"category": "self",
"summary": "SUSE Bug 1228588",
"url": "https://bugzilla.suse.com/1228588"
},
{
"category": "self",
"summary": "SUSE Bug 1228599",
"url": "https://bugzilla.suse.com/1228599"
},
{
"category": "self",
"summary": "SUSE Bug 1228617",
"url": "https://bugzilla.suse.com/1228617"
},
{
"category": "self",
"summary": "SUSE Bug 1228625",
"url": "https://bugzilla.suse.com/1228625"
},
{
"category": "self",
"summary": "SUSE Bug 1228626",
"url": "https://bugzilla.suse.com/1228626"
},
{
"category": "self",
"summary": "SUSE Bug 1228633",
"url": "https://bugzilla.suse.com/1228633"
},
{
"category": "self",
"summary": "SUSE Bug 1228640",
"url": "https://bugzilla.suse.com/1228640"
},
{
"category": "self",
"summary": "SUSE Bug 1228649",
"url": "https://bugzilla.suse.com/1228649"
},
{
"category": "self",
"summary": "SUSE Bug 1228655",
"url": "https://bugzilla.suse.com/1228655"
},
{
"category": "self",
"summary": "SUSE Bug 1228658",
"url": "https://bugzilla.suse.com/1228658"
},
{
"category": "self",
"summary": "SUSE Bug 1228662",
"url": "https://bugzilla.suse.com/1228662"
},
{
"category": "self",
"summary": "SUSE Bug 1228680",
"url": "https://bugzilla.suse.com/1228680"
},
{
"category": "self",
"summary": "SUSE Bug 1228705",
"url": "https://bugzilla.suse.com/1228705"
},
{
"category": "self",
"summary": "SUSE Bug 1228723",
"url": "https://bugzilla.suse.com/1228723"
},
{
"category": "self",
"summary": "SUSE Bug 1228726",
"url": "https://bugzilla.suse.com/1228726"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26558 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-0129 page",
"url": "https://www.suse.com/security/cve/CVE-2021-0129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47145 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47194 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47201 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47219 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47275 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47295 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47388 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47395 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47399 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47403 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47405 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47438 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47441 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47468 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47498 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47501 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47516 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47520 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47542 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47559 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47580 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47582 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47588 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47597 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47599 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47606 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47619 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-20368 page",
"url": "https://www.suse.com/security/cve/CVE-2022-20368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28748 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2964 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48775 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48794 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48804 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48805 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48810 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48811 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48828 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48829 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48855 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48857 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48860 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48863 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4244 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52435 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52507 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52594 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52612 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52623 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52669 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52683 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52743 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52753 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52817 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52818 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52819 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52885 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26615 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26635 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26636 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26659 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26663 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26880 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27437 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35805 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35828 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35887 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35893 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35966 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36941 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38558 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38560 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38598 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38619 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38630 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39475 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39487 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39488 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39494 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39499 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39501 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39506 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39507 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39509 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40901 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40904 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40937 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40941 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40942 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40953 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40966 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40988 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40998 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41091 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42119 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42224/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2024-08-14T07:24:46Z",
"generator": {
"date": "2024-08-14T07:24:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2901-1",
"initial_release_date": "2024-08-14T07:24:46Z",
"revision_history": [
{
"date": "2024-08-14T07:24:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-4.12.14-16.194.1.noarch",
"product": {
"name": "kernel-devel-azure-4.12.14-16.194.1.noarch",
"product_id": "kernel-devel-azure-4.12.14-16.194.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-4.12.14-16.194.1.noarch",
"product": {
"name": "kernel-source-azure-4.12.14-16.194.1.noarch",
"product_id": "kernel-source-azure-4.12.14-16.194.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-4.12.14-16.194.1.x86_64",
"product_id": "cluster-md-kmp-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "dlm-kmp-azure-4.12.14-16.194.1.x86_64",
"product_id": "dlm-kmp-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-4.12.14-16.194.1.x86_64",
"product_id": "gfs2-kmp-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-azure-4.12.14-16.194.1.x86_64",
"product_id": "kernel-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-base-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-azure-base-4.12.14-16.194.1.x86_64",
"product_id": "kernel-azure-base-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-azure-devel-4.12.14-16.194.1.x86_64",
"product_id": "kernel-azure-devel-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-azure-extra-4.12.14-16.194.1.x86_64",
"product_id": "kernel-azure-extra-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-kgraft-devel-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-azure-kgraft-devel-4.12.14-16.194.1.x86_64",
"product_id": "kernel-azure-kgraft-devel-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "kernel-syms-azure-4.12.14-16.194.1.x86_64",
"product_id": "kernel-syms-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-4.12.14-16.194.1.x86_64",
"product_id": "kselftests-kmp-azure-4.12.14-16.194.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-4.12.14-16.194.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-4.12.14-16.194.1.x86_64",
"product_id": "ocfs2-kmp-azure-4.12.14-16.194.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.194.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.194.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.194.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.194.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.194.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.194.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.194.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.194.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.194.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.194.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26558"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26558",
"url": "https://www.suse.com/security/cve/CVE-2020-26558"
},
{
"category": "external",
"summary": "SUSE Bug 1179610 for CVE-2020-26558",
"url": "https://bugzilla.suse.com/1179610"
},
{
"category": "external",
"summary": "SUSE Bug 1186463 for CVE-2020-26558",
"url": "https://bugzilla.suse.com/1186463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2020-26558"
},
{
"cve": "CVE-2021-0129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-0129"
}
],
"notes": [
{
"category": "general",
"text": "Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-0129",
"url": "https://www.suse.com/security/cve/CVE-2021-0129"
},
{
"category": "external",
"summary": "SUSE Bug 1186463 for CVE-2021-0129",
"url": "https://bugzilla.suse.com/1186463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-0129"
},
{
"cve": "CVE-2021-47145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON in link_to_fixup_dir\n\nWhile doing error injection testing I got the following panic\n\n kernel BUG at fs/btrfs/tree-log.c:1862!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\n RIP: 0010:link_to_fixup_dir+0xd5/0xe0\n RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216\n RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0\n RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000\n RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001\n R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800\n R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065\n FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0\n Call Trace:\n replay_one_buffer+0x409/0x470\n ? btree_read_extent_buffer_pages+0xd0/0x110\n walk_up_log_tree+0x157/0x1e0\n walk_log_tree+0xa6/0x1d0\n btrfs_recover_log_trees+0x1da/0x360\n ? replay_one_extent+0x7b0/0x7b0\n open_ctree+0x1486/0x1720\n btrfs_mount_root.cold+0x12/0xea\n ? __kmalloc_track_caller+0x12f/0x240\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n vfs_kern_mount.part.0+0x71/0xb0\n btrfs_mount+0x10d/0x380\n ? vfs_parse_fs_string+0x4d/0x90\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n path_mount+0x433/0xa10\n __x64_sys_mount+0xe3/0x120\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nWe can get -EIO or any number of legitimate errors from\nbtrfs_search_slot(), panicing here is not the appropriate response. The\nerror path for this code handles errors properly, simply return the\nerror.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47145",
"url": "https://www.suse.com/security/cve/CVE-2021-47145"
},
{
"category": "external",
"summary": "SUSE Bug 1222005 for CVE-2021-47145",
"url": "https://bugzilla.suse.com/1222005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47145"
},
{
"cve": "CVE-2021-47191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_readcap16()\n\nThe following warning was observed running syzkaller:\n\n[ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in;\n[ 3813.830724] program syz-executor not setting count and/or reply_len properly\n[ 3813.836956] ==================================================================\n[ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0\n[ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549\n[ 3813.846612] Call Trace:\n[ 3813.846995] dump_stack+0x108/0x15f\n[ 3813.847524] print_address_description+0xa5/0x372\n[ 3813.848243] kasan_report.cold+0x236/0x2a8\n[ 3813.849439] check_memory_region+0x240/0x270\n[ 3813.850094] memcpy+0x30/0x80\n[ 3813.850553] sg_copy_buffer+0x157/0x1e0\n[ 3813.853032] sg_copy_from_buffer+0x13/0x20\n[ 3813.853660] fill_from_dev_buffer+0x135/0x370\n[ 3813.854329] resp_readcap16+0x1ac/0x280\n[ 3813.856917] schedule_resp+0x41f/0x1630\n[ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0\n[ 3813.862699] scsi_dispatch_cmd+0x330/0x950\n[ 3813.863329] scsi_request_fn+0xd8e/0x1710\n[ 3813.863946] __blk_run_queue+0x10b/0x230\n[ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400\n[ 3813.865220] sg_common_write.isra.0+0xe61/0x2420\n[ 3813.871637] sg_write+0x6c8/0xef0\n[ 3813.878853] __vfs_write+0xe4/0x800\n[ 3813.883487] vfs_write+0x17b/0x530\n[ 3813.884008] ksys_write+0x103/0x270\n[ 3813.886268] __x64_sys_write+0x77/0xc0\n[ 3813.886841] do_syscall_64+0x106/0x360\n[ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nThis issue can be reproduced with the following syzkaller log:\n\nr0 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x26e1, 0x0)\nr1 = syz_open_procfs(0xffffffffffffffff, \u0026(0x7f0000000000)=\u0027fd/3\\x00\u0027)\nopen_by_handle_at(r1, \u0026(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000)\nr2 = syz_open_dev$sg(\u0026(0x7f0000000000), 0x0, 0x40782)\nwrite$binfmt_aout(r2, \u0026(0x7f0000000340)=ANY=[@ANYBLOB=\"00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d\"], 0x126)\n\nIn resp_readcap16() we get \"int alloc_len\" value -1104926854, and then pass\nthe huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This\nleads to OOB in sg_copy_buffer().\n\nTo solve this issue, define alloc_len as u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47191",
"url": "https://www.suse.com/security/cve/CVE-2021-47191"
},
{
"category": "external",
"summary": "SUSE Bug 1222866 for CVE-2021-47191",
"url": "https://bugzilla.suse.com/1222866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47191"
},
{
"cve": "CVE-2021-47194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: call cfg80211_stop_ap when switch from P2P_GO type\n\nIf the userspace tools switch from NL80211_IFTYPE_P2P_GO to\nNL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it\ndoes not call the cleanup cfg80211_stop_ap(), this leads to the\ninitialization of in-use data. For example, this path re-init the\nsdata-\u003eassigned_chanctx_list while it is still an element of\nassigned_vifs list, and makes that linked list corrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47194",
"url": "https://www.suse.com/security/cve/CVE-2021-47194"
},
{
"category": "external",
"summary": "SUSE Bug 1222829 for CVE-2021-47194",
"url": "https://bugzilla.suse.com/1222829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47194"
},
{
"cve": "CVE-2021-47197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: nullify cq-\u003edbg pointer in mlx5_debug_cq_remove()\n\nPrior to this patch in case mlx5_core_destroy_cq() failed it proceeds\nto rest of destroy operations. mlx5_core_destroy_cq() could be called again\nby user and cause additional call of mlx5_debug_cq_remove().\ncq-\u003edbg was not nullify in previous call and cause the crash.\n\nFix it by nullify cq-\u003edbg pointer after removal.\n\nAlso proceed to destroy operations only if FW return 0\nfor MLX5_CMD_OP_DESTROY_CQ command.\n\ngeneral protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI\nCPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:lockref_get+0x1/0x60\nCode: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02\n00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 \u003c48\u003e 8b 17\n48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48\nRSP: 0018:ffff888137dd7a38 EFLAGS: 00010206\nRAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe\nRDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058\nRBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000\nR13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0\nFS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0\nCall Trace:\n simple_recursive_removal+0x33/0x2e0\n ? debugfs_remove+0x60/0x60\n debugfs_remove+0x40/0x60\n mlx5_debug_cq_remove+0x32/0x70 [mlx5_core]\n mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core]\n devx_obj_cleanup+0x151/0x330 [mlx5_ib]\n ? __pollwait+0xd0/0xd0\n ? xas_load+0x5/0x70\n ? xa_load+0x62/0xa0\n destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs]\n uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs]\n uobj_destroy+0x54/0xa0 [ib_uverbs]\n ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs]\n ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs]\n ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs]\n __x64_sys_ioctl+0x3e4/0x8e0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47197",
"url": "https://www.suse.com/security/cve/CVE-2021-47197"
},
{
"category": "external",
"summary": "SUSE Bug 1222776 for CVE-2021-47197",
"url": "https://bugzilla.suse.com/1222776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47197"
},
{
"cve": "CVE-2021-47201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: free q_vectors before queues in iavf_disable_vf\n\niavf_free_queues() clears adapter-\u003enum_active_queues, which\niavf_free_q_vectors() relies on, so swap the order of these two function\ncalls in iavf_disable_vf(). This resolves a panic encountered when the\ninterface is disabled and then later brought up again after PF\ncommunication is restored.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47201",
"url": "https://www.suse.com/security/cve/CVE-2021-47201"
},
{
"category": "external",
"summary": "SUSE Bug 1222792 for CVE-2021-47201",
"url": "https://bugzilla.suse.com/1222792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47201"
},
{
"cve": "CVE-2021-47219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()\n\nThe following issue was observed running syzkaller:\n\nBUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]\nBUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\nRead of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815\n\nCPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xe4/0x14a lib/dump_stack.c:118\n print_address_description+0x73/0x280 mm/kasan/report.c:253\n kasan_report_error mm/kasan/report.c:352 [inline]\n kasan_report+0x272/0x370 mm/kasan/report.c:410\n memcpy+0x1f/0x50 mm/kasan/kasan.c:302\n memcpy include/linux/string.h:377 [inline]\n sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\n fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021\n resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772\n schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429\n scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835\n scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896\n scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034\n __blk_run_queue_uncond block/blk-core.c:464 [inline]\n __blk_run_queue+0x1a4/0x380 block/blk-core.c:484\n blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78\n sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847\n sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716\n sg_write+0x64/0xa0 drivers/scsi/sg.c:622\n __vfs_write+0xed/0x690 fs/read_write.c:485\nkill_bdev:block_device:00000000e138492c\n vfs_write+0x184/0x4c0 fs/read_write.c:549\n ksys_write+0x107/0x240 fs/read_write.c:599\n do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293\n entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\nWe get \u0027alen\u0027 from command its type is int. If userspace passes a large\nlength we will get a negative \u0027alen\u0027.\n\nSwitch n, alen, and rlen to u32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47219",
"url": "https://www.suse.com/security/cve/CVE-2021-47219"
},
{
"category": "external",
"summary": "SUSE Bug 1222824 for CVE-2021-47219",
"url": "https://bugzilla.suse.com/1222824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47219"
},
{
"cve": "CVE-2021-47275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: avoid oversized read request in cache missing code path\n\nIn the cache missing code path of cached device, if a proper location\nfrom the internal B+ tree is matched for a cache miss range, function\ncached_dev_cache_miss() will be called in cache_lookup_fn() in the\nfollowing code block,\n[code block 1]\n 526 unsigned int sectors = KEY_INODE(k) == s-\u003eiop.inode\n 527 ? min_t(uint64_t, INT_MAX,\n 528 KEY_START(k) - bio-\u003ebi_iter.bi_sector)\n 529 : INT_MAX;\n 530 int ret = s-\u003ed-\u003ecache_miss(b, s, bio, sectors);\n\nHere s-\u003ed-\u003ecache_miss() is the call backfunction pointer initialized as\ncached_dev_cache_miss(), the last parameter \u0027sectors\u0027 is an important\nhint to calculate the size of read request to backing device of the\nmissing cache data.\n\nCurrent calculation in above code block may generate oversized value of\n\u0027sectors\u0027, which consequently may trigger 2 different potential kernel\npanics by BUG() or BUG_ON() as listed below,\n\n1) BUG_ON() inside bch_btree_insert_key(),\n[code block 2]\n 886 BUG_ON(b-\u003eops-\u003eis_extents \u0026\u0026 !KEY_SIZE(k));\n2) BUG() inside biovec_slab(),\n[code block 3]\n 51 default:\n 52 BUG();\n 53 return NULL;\n\nAll the above panics are original from cached_dev_cache_miss() by the\noversized parameter \u0027sectors\u0027.\n\nInside cached_dev_cache_miss(), parameter \u0027sectors\u0027 is used to calculate\nthe size of data read from backing device for the cache missing. This\nsize is stored in s-\u003einsert_bio_sectors by the following lines of code,\n[code block 4]\n 909 s-\u003einsert_bio_sectors = min(sectors, bio_sectors(bio) + reada);\n\nThen the actual key inserting to the internal B+ tree is generated and\nstored in s-\u003eiop.replace_key by the following lines of code,\n[code block 5]\n 911 s-\u003eiop.replace_key = KEY(s-\u003eiop.inode,\n 912 bio-\u003ebi_iter.bi_sector + s-\u003einsert_bio_sectors,\n 913 s-\u003einsert_bio_sectors);\nThe oversized parameter \u0027sectors\u0027 may trigger panic 1) by BUG_ON() from\nthe above code block.\n\nAnd the bio sending to backing device for the missing data is allocated\nwith hint from s-\u003einsert_bio_sectors by the following lines of code,\n[code block 6]\n 926 cache_bio = bio_alloc_bioset(GFP_NOWAIT,\n 927 DIV_ROUND_UP(s-\u003einsert_bio_sectors, PAGE_SECTORS),\n 928 \u0026dc-\u003edisk.bio_split);\nThe oversized parameter \u0027sectors\u0027 may trigger panic 2) by BUG() from the\nagove code block.\n\nNow let me explain how the panics happen with the oversized \u0027sectors\u0027.\nIn code block 5, replace_key is generated by macro KEY(). From the\ndefinition of macro KEY(),\n[code block 7]\n 71 #define KEY(inode, offset, size) \\\n 72 ((struct bkey) { \\\n 73 .high = (1ULL \u003c\u003c 63) | ((__u64) (size) \u003c\u003c 20) | (inode), \\\n 74 .low = (offset) \\\n 75 })\n\nHere \u0027size\u0027 is 16bits width embedded in 64bits member \u0027high\u0027 of struct\nbkey. But in code block 1, if \"KEY_START(k) - bio-\u003ebi_iter.bi_sector\" is\nvery probably to be larger than (1\u003c\u003c16) - 1, which makes the bkey size\ncalculation in code block 5 is overflowed. In one bug report the value\nof parameter \u0027sectors\u0027 is 131072 (= 1 \u003c\u003c 17), the overflowed \u0027sectors\u0027\nresults the overflowed s-\u003einsert_bio_sectors in code block 4, then makes\nsize field of s-\u003eiop.replace_key to be 0 in code block 5. Then the 0-\nsized s-\u003eiop.replace_key is inserted into the internal B+ tree as cache\nmissing check key (a special key to detect and avoid a racing between\nnormal write request and cache missing read request) as,\n[code block 8]\n 915 ret = bch_btree_insert_check_key(b, \u0026s-\u003eop, \u0026s-\u003eiop.replace_key);\n\nThen the 0-sized s-\u003eiop.replace_key as 3rd parameter triggers the bkey\nsize check BUG_ON() in code block 2, and causes the kernel panic 1).\n\nAnother ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47275",
"url": "https://www.suse.com/security/cve/CVE-2021-47275"
},
{
"category": "external",
"summary": "SUSE Bug 1224965 for CVE-2021-47275",
"url": "https://bugzilla.suse.com/1224965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47275"
},
{
"cve": "CVE-2021-47295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix memory leak in tcindex_partial_destroy_work\n\nSyzbot reported memory leak in tcindex_set_parms(). The problem was in\nnon-freed perfect hash in tcindex_partial_destroy_work().\n\nIn tcindex_set_parms() new tcindex_data is allocated and some fields from\nold one are copied to new one, but not the perfect hash. Since\ntcindex_partial_destroy_work() is the destroy function for old\ntcindex_data, we need to free perfect hash to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47295",
"url": "https://www.suse.com/security/cve/CVE-2021-47295"
},
{
"category": "external",
"summary": "SUSE Bug 1224975 for CVE-2021-47295",
"url": "https://bugzilla.suse.com/1224975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47295"
},
{
"cve": "CVE-2021-47388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47388"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the \u0027hdr\u0027 variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47388",
"url": "https://www.suse.com/security/cve/CVE-2021-47388"
},
{
"category": "external",
"summary": "SUSE Bug 1225214 for CVE-2021-47388",
"url": "https://bugzilla.suse.com/1225214"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47388"
},
{
"cve": "CVE-2021-47395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap\n\nLimit max values for vht mcs and nss in ieee80211_parse_tx_radiotap\nroutine in order to fix the following warning reported by syzbot:\n\nWARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]\nWARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244\nModules linked in:\nCPU: 0 PID: 10717 Comm: syz-executor.5 Not tainted 5.14.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]\nRIP: 0010:ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244\nRSP: 0018:ffffc9000186f3e8 EFLAGS: 00010216\nRAX: 0000000000000618 RBX: ffff88804ef76500 RCX: ffffc900143a5000\nRDX: 0000000000040000 RSI: ffffffff888f478e RDI: 0000000000000003\nRBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000100\nR10: ffffffff888f46f9 R11: 0000000000000000 R12: 00000000fffffff8\nR13: ffff88804ef7653c R14: 0000000000000001 R15: 0000000000000004\nFS: 00007fbf5718f700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2de23000 CR3: 000000006a671000 CR4: 00000000001506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nCall Trace:\n ieee80211_monitor_select_queue+0xa6/0x250 net/mac80211/iface.c:740\n netdev_core_pick_tx+0x169/0x2e0 net/core/dev.c:4089\n __dev_queue_xmit+0x6f9/0x3710 net/core/dev.c:4165\n __bpf_tx_skb net/core/filter.c:2114 [inline]\n __bpf_redirect_no_mac net/core/filter.c:2139 [inline]\n __bpf_redirect+0x5ba/0xd20 net/core/filter.c:2162\n ____bpf_clone_redirect net/core/filter.c:2429 [inline]\n bpf_clone_redirect+0x2ae/0x420 net/core/filter.c:2401\n bpf_prog_eeb6f53a69e5c6a2+0x59/0x234\n bpf_dispatcher_nop_func include/linux/bpf.h:717 [inline]\n __bpf_prog_run include/linux/filter.h:624 [inline]\n bpf_prog_run include/linux/filter.h:631 [inline]\n bpf_test_run+0x381/0xa30 net/bpf/test_run.c:119\n bpf_prog_test_run_skb+0xb84/0x1ee0 net/bpf/test_run.c:663\n bpf_prog_test_run kernel/bpf/syscall.c:3307 [inline]\n __sys_bpf+0x2137/0x5df0 kernel/bpf/syscall.c:4605\n __do_sys_bpf kernel/bpf/syscall.c:4691 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:4689 [inline]\n __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4689\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x4665f9",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47395",
"url": "https://www.suse.com/security/cve/CVE-2021-47395"
},
{
"category": "external",
"summary": "SUSE Bug 1225326 for CVE-2021-47395",
"url": "https://bugzilla.suse.com/1225326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47395"
},
{
"cve": "CVE-2021-47399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup\n\nThe ixgbe driver currently generates a NULL pointer dereference with\nsome machine (online cpus \u003c 63). This is due to the fact that the\nmaximum value of num_xdp_queues is nr_cpu_ids. Code is in\n\"ixgbe_set_rss_queues\"\".\n\nHere\u0027s how the problem repeats itself:\nSome machine (online cpus \u003c 63), And user set num_queues to 63 through\nethtool. Code is in the \"ixgbe_set_channels\",\n\tadapter-\u003ering_feature[RING_F_FDIR].limit = count;\n\nIt becomes 63.\n\nWhen user use xdp, \"ixgbe_set_rss_queues\" will set queues num.\n\tadapter-\u003enum_rx_queues = rss_i;\n\tadapter-\u003enum_tx_queues = rss_i;\n\tadapter-\u003enum_xdp_queues = ixgbe_xdp_queues(adapter);\n\nAnd rss_i\u0027s value is from\n\tf = \u0026adapter-\u003ering_feature[RING_F_FDIR];\n\trss_i = f-\u003eindices = f-\u003elimit;\n\nSo \"num_rx_queues\" \u003e \"num_xdp_queues\", when run to \"ixgbe_xdp_setup\",\n\tfor (i = 0; i \u003c adapter-\u003enum_rx_queues; i++)\n\t\tif (adapter-\u003exdp_ring[i]-\u003exsk_umem)\n\nIt leads to panic.\n\nCall trace:\n[exception RIP: ixgbe_xdp+368]\nRIP: ffffffffc02a76a0 RSP: ffff9fe16202f8d0 RFLAGS: 00010297\nRAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 000000000000001c RDI: ffffffffa94ead90\nRBP: ffff92f8f24c0c18 R8: 0000000000000000 R9: 0000000000000000\nR10: ffff9fe16202f830 R11: 0000000000000000 R12: ffff92f8f24c0000\nR13: ffff9fe16202fc01 R14: 000000000000000a R15: ffffffffc02a7530\nORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 7 [ffff9fe16202f8f0] dev_xdp_install at ffffffffa89fbbcc\n 8 [ffff9fe16202f920] dev_change_xdp_fd at ffffffffa8a08808\n 9 [ffff9fe16202f960] do_setlink at ffffffffa8a20235\n10 [ffff9fe16202fa88] rtnl_setlink at ffffffffa8a20384\n11 [ffff9fe16202fc78] rtnetlink_rcv_msg at ffffffffa8a1a8dd\n12 [ffff9fe16202fcf0] netlink_rcv_skb at ffffffffa8a717eb\n13 [ffff9fe16202fd40] netlink_unicast at ffffffffa8a70f88\n14 [ffff9fe16202fd80] netlink_sendmsg at ffffffffa8a71319\n15 [ffff9fe16202fdf0] sock_sendmsg at ffffffffa89df290\n16 [ffff9fe16202fe08] __sys_sendto at ffffffffa89e19c8\n17 [ffff9fe16202ff30] __x64_sys_sendto at ffffffffa89e1a64\n18 [ffff9fe16202ff38] do_syscall_64 at ffffffffa84042b9\n19 [ffff9fe16202ff50] entry_SYSCALL_64_after_hwframe at ffffffffa8c0008c\n\nSo I fix ixgbe_max_channels so that it will not allow a setting of queues\nto be higher than the num_online_cpus(). And when run to ixgbe_xdp_setup,\ntake the smaller value of num_rx_queues and num_xdp_queues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47399",
"url": "https://www.suse.com/security/cve/CVE-2021-47399"
},
{
"category": "external",
"summary": "SUSE Bug 1225328 for CVE-2021-47399",
"url": "https://bugzilla.suse.com/1225328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47399"
},
{
"cve": "CVE-2021-47403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipack: ipoctal: fix module reference leak\n\nA reference to the carrier module was taken on every open but was only\nreleased once when the final reference to the tty struct was dropped.\n\nFix this by taking the module reference and initialising the tty driver\ndata when installing the tty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47403",
"url": "https://www.suse.com/security/cve/CVE-2021-47403"
},
{
"category": "external",
"summary": "SUSE Bug 1225241 for CVE-2021-47403",
"url": "https://bugzilla.suse.com/1225241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47403"
},
{
"cve": "CVE-2021-47405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47405"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: free raw_report buffers in usbhid_stop\n\nFree the unsent raw_report buffers when the device is removed.\n\nFixes a memory leak reported by syzbot at:\nhttps://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47405",
"url": "https://www.suse.com/security/cve/CVE-2021-47405"
},
{
"category": "external",
"summary": "SUSE Bug 1225238 for CVE-2021-47405",
"url": "https://bugzilla.suse.com/1225238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47405"
},
{
"cve": "CVE-2021-47438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47438"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path\n\nPrior to this patch in case mlx5_core_destroy_cq() failed it returns\nwithout completing all destroy operations and that leads to memory leak.\nInstead, complete the destroy flow before return error.\n\nAlso move mlx5_debug_cq_remove() to the beginning of mlx5_core_destroy_cq()\nto be symmetrical with mlx5_core_create_cq().\n\nkmemleak complains on:\n\nunreferenced object 0xc000000038625100 (size 64):\n comm \"ethtool\", pid 28301, jiffies 4298062946 (age 785.380s)\n hex dump (first 32 bytes):\n 60 01 48 94 00 00 00 c0 b8 05 34 c3 00 00 00 c0 `.H.......4.....\n 02 00 00 00 00 00 00 00 00 db 7d c1 00 00 00 c0 ..........}.....\n backtrace:\n [\u003c000000009e8643cb\u003e] add_res_tree+0xd0/0x270 [mlx5_core]\n [\u003c00000000e7cb8e6c\u003e] mlx5_debug_cq_add+0x5c/0xc0 [mlx5_core]\n [\u003c000000002a12918f\u003e] mlx5_core_create_cq+0x1d0/0x2d0 [mlx5_core]\n [\u003c00000000cef0a696\u003e] mlx5e_create_cq+0x210/0x3f0 [mlx5_core]\n [\u003c000000009c642c26\u003e] mlx5e_open_cq+0xb4/0x130 [mlx5_core]\n [\u003c0000000058dfa578\u003e] mlx5e_ptp_open+0x7f4/0xe10 [mlx5_core]\n [\u003c0000000081839561\u003e] mlx5e_open_channels+0x9cc/0x13e0 [mlx5_core]\n [\u003c0000000009cf05d4\u003e] mlx5e_switch_priv_channels+0xa4/0x230\n[mlx5_core]\n [\u003c0000000042bbedd8\u003e] mlx5e_safe_switch_params+0x14c/0x300\n[mlx5_core]\n [\u003c0000000004bc9db8\u003e] set_pflag_tx_port_ts+0x9c/0x160 [mlx5_core]\n [\u003c00000000a0553443\u003e] mlx5e_set_priv_flags+0xd0/0x1b0 [mlx5_core]\n [\u003c00000000a8f3d84b\u003e] ethnl_set_privflags+0x234/0x2d0\n [\u003c00000000fd27f27c\u003e] genl_family_rcv_msg_doit+0x108/0x1d0\n [\u003c00000000f495e2bb\u003e] genl_family_rcv_msg+0xe4/0x1f0\n [\u003c00000000646c5c2c\u003e] genl_rcv_msg+0x78/0x120\n [\u003c00000000d53e384e\u003e] netlink_rcv_skb+0x74/0x1a0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47438",
"url": "https://www.suse.com/security/cve/CVE-2021-47438"
},
{
"category": "external",
"summary": "SUSE Bug 1225229 for CVE-2021-47438",
"url": "https://bugzilla.suse.com/1225229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47438"
},
{
"cve": "CVE-2021-47441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: thermal: Fix out-of-bounds memory accesses\n\nCurrently, mlxsw allows cooling states to be set above the maximum\ncooling state supported by the driver:\n\n # cat /sys/class/thermal/thermal_zone2/cdev0/type\n mlxsw_fan\n # cat /sys/class/thermal/thermal_zone2/cdev0/max_state\n 10\n # echo 18 \u003e /sys/class/thermal/thermal_zone2/cdev0/cur_state\n # echo $?\n 0\n\nThis results in out-of-bounds memory accesses when thermal state\ntransition statistics are enabled (CONFIG_THERMAL_STATISTICS=y), as the\ntransition table is accessed with a too large index (state) [1].\n\nAccording to the thermal maintainer, it is the responsibility of the\ndriver to reject such operations [2].\n\nTherefore, return an error when the state to be set exceeds the maximum\ncooling state supported by the driver.\n\nTo avoid dead code, as suggested by the thermal maintainer [3],\npartially revert commit a421ce088ac8 (\"mlxsw: core: Extend cooling\ndevice with cooling levels\") that tried to interpret these invalid\ncooling states (above the maximum) in a special way. The cooling levels\narray is not removed in order to prevent the fans going below 20% PWM,\nwhich would cause them to get stuck at 0% PWM.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in thermal_cooling_device_stats_update+0x271/0x290\nRead of size 4 at addr ffff8881052f7bf8 by task kworker/0:0/5\n\nCPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.15.0-rc3-custom-45935-gce1adf704b14 #122\nHardware name: Mellanox Technologies Ltd. \"MSN2410-CB2FO\"/\"SA000874\", BIOS 4.6.5 03/08/2016\nWorkqueue: events_freezable_power_ thermal_zone_device_check\nCall Trace:\n dump_stack_lvl+0x8b/0xb3\n print_address_description.constprop.0+0x1f/0x140\n kasan_report.cold+0x7f/0x11b\n thermal_cooling_device_stats_update+0x271/0x290\n __thermal_cdev_update+0x15e/0x4e0\n thermal_cdev_update+0x9f/0xe0\n step_wise_throttle+0x770/0xee0\n thermal_zone_device_update+0x3f6/0xdf0\n process_one_work+0xa42/0x1770\n worker_thread+0x62f/0x13e0\n kthread+0x3ee/0x4e0\n ret_from_fork+0x1f/0x30\n\nAllocated by task 1:\n kasan_save_stack+0x1b/0x40\n __kasan_kmalloc+0x7c/0x90\n thermal_cooling_device_setup_sysfs+0x153/0x2c0\n __thermal_cooling_device_register.part.0+0x25b/0x9c0\n thermal_cooling_device_register+0xb3/0x100\n mlxsw_thermal_init+0x5c5/0x7e0\n __mlxsw_core_bus_device_register+0xcb3/0x19c0\n mlxsw_core_bus_device_register+0x56/0xb0\n mlxsw_pci_probe+0x54f/0x710\n local_pci_probe+0xc6/0x170\n pci_device_probe+0x2b2/0x4d0\n really_probe+0x293/0xd10\n __driver_probe_device+0x2af/0x440\n driver_probe_device+0x51/0x1e0\n __driver_attach+0x21b/0x530\n bus_for_each_dev+0x14c/0x1d0\n bus_add_driver+0x3ac/0x650\n driver_register+0x241/0x3d0\n mlxsw_sp_module_init+0xa2/0x174\n do_one_initcall+0xee/0x5f0\n kernel_init_freeable+0x45a/0x4de\n kernel_init+0x1f/0x210\n ret_from_fork+0x1f/0x30\n\nThe buggy address belongs to the object at ffff8881052f7800\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 1016 bytes inside of\n 1024-byte region [ffff8881052f7800, ffff8881052f7c00)\nThe buggy address belongs to the page:\npage:0000000052355272 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1052f0\nhead:0000000052355272 order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x200000000010200(slab|head|node=0|zone=2)\nraw: 0200000000010200 ffffea0005034800 0000000300000003 ffff888100041dc0\nraw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff8881052f7a80: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc\n ffff8881052f7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff8881052f7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff8881052f7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff8881052f7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\n[2] https://lore.kernel.org/linux-pm/9aca37cb-1629-5c67-\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47441",
"url": "https://www.suse.com/security/cve/CVE-2021-47441"
},
{
"category": "external",
"summary": "SUSE Bug 1225224 for CVE-2021-47441",
"url": "https://bugzilla.suse.com/1225224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47441"
},
{
"cve": "CVE-2021-47468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: Fix sleeping function called from invalid context\n\nThe driver can call card-\u003eisac.release() function from an atomic\ncontext.\n\nFix this by calling this function after releasing the lock.\n\nThe following log reveals it:\n\n[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018\n[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe\n[ 44.169574 ] INFO: lockdep is turned off.\n[ 44.169899 ] irq event stamp: 0\n[ 44.170160 ] hardirqs last enabled at (0): [\u003c0000000000000000\u003e] 0x0\n[ 44.170627 ] hardirqs last disabled at (0): [\u003cffffffff814209ed\u003e] copy_process+0x132d/0x3e00\n[ 44.171240 ] softirqs last enabled at (0): [\u003cffffffff81420a1a\u003e] copy_process+0x135a/0x3e00\n[ 44.171852 ] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n[ 44.172318 ] Preemption disabled at:\n[ 44.172320 ] [\u003cffffffffa009b0a9\u003e] nj_release+0x69/0x500 [netjet]\n[ 44.174441 ] Call Trace:\n[ 44.174630 ] dump_stack_lvl+0xa8/0xd1\n[ 44.174912 ] dump_stack+0x15/0x17\n[ 44.175166 ] ___might_sleep+0x3a2/0x510\n[ 44.175459 ] ? nj_release+0x69/0x500 [netjet]\n[ 44.175791 ] __might_sleep+0x82/0xe0\n[ 44.176063 ] ? start_flush_work+0x20/0x7b0\n[ 44.176375 ] start_flush_work+0x33/0x7b0\n[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170\n[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0\n[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0\n[ 44.177711 ] __flush_work+0x11a/0x1a0\n[ 44.177991 ] ? flush_work+0x20/0x20\n[ 44.178257 ] ? lock_release+0x13c/0x8f0\n[ 44.178550 ] ? __kasan_check_write+0x14/0x20\n[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360\n[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20\n[ 44.179530 ] ? __kasan_check_read+0x11/0x20\n[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900\n[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140\n[ 44.180505 ] ? _raw_spin_unlock_irqrestore+0x41/0x60\n[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0\n[ 44.181189 ] ? kfree+0x13e/0x290\n[ 44.181438 ] flush_work+0x17/0x20\n[ 44.181695 ] mISDN_freedchannel+0xe8/0x100\n[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]\n[ 44.182366 ] nj_release+0xf6/0x500 [netjet]\n[ 44.182685 ] nj_remove+0x48/0x70 [netjet]\n[ 44.182989 ] pci_device_remove+0xa9/0x250",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47468",
"url": "https://www.suse.com/security/cve/CVE-2021-47468"
},
{
"category": "external",
"summary": "SUSE Bug 1225346 for CVE-2021-47468",
"url": "https://bugzilla.suse.com/1225346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47468"
},
{
"cve": "CVE-2021-47498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm rq: don\u0027t queue request to blk-mq during DM suspend\n\nDM uses blk-mq\u0027s quiesce/unquiesce to stop/start device mapper queue.\n\nBut blk-mq\u0027s unquiesce may come from outside events, such as elevator\nswitch, updating nr_requests or others, and request may come during\nsuspend, so simply ask for blk-mq to requeue it.\n\nFixes one kernel panic issue when running updating nr_requests and\ndm-mpath suspend/resume stress test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47498",
"url": "https://www.suse.com/security/cve/CVE-2021-47498"
},
{
"category": "external",
"summary": "SUSE Bug 1225357 for CVE-2021-47498",
"url": "https://bugzilla.suse.com/1225357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47498"
},
{
"cve": "CVE-2021-47501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix NULL pointer dereference in i40e_dbg_dump_desc\n\nWhen trying to dump VFs VSI RX/TX descriptors\nusing debugfs there was a crash\ndue to NULL pointer dereference in i40e_dbg_dump_desc.\nAdded a check to i40e_dbg_dump_desc that checks if\nVSI type is correct for dumping RX/TX descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47501",
"url": "https://www.suse.com/security/cve/CVE-2021-47501"
},
{
"category": "external",
"summary": "SUSE Bug 1225361 for CVE-2021-47501",
"url": "https://bugzilla.suse.com/1225361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47501"
},
{
"cve": "CVE-2021-47516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47516"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: Fix memory leak in nfp_cpp_area_cache_add()\n\nIn line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a\nCPP area structure. But in line 807 (#2), when the cache is allocated\nfailed, this CPP area structure is not freed, which will result in\nmemory leak.\n\nWe can fix it by freeing the CPP area when the cache is allocated\nfailed (#2).\n\n792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size)\n793 {\n794 \tstruct nfp_cpp_area_cache *cache;\n795 \tstruct nfp_cpp_area *area;\n\n800\tarea = nfp_cpp_area_alloc(cpp, NFP_CPP_ID(7, NFP_CPP_ACTION_RW, 0),\n801 \t\t\t\t 0, size);\n\t// #1: allocates and initializes\n\n802 \tif (!area)\n803 \t\treturn -ENOMEM;\n\n805 \tcache = kzalloc(sizeof(*cache), GFP_KERNEL);\n806 \tif (!cache)\n807 \t\treturn -ENOMEM; // #2: missing free\n\n817\treturn 0;\n818 }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47516",
"url": "https://www.suse.com/security/cve/CVE-2021-47516"
},
{
"category": "external",
"summary": "SUSE Bug 1225427 for CVE-2021-47516",
"url": "https://bugzilla.suse.com/1225427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2021-47516"
},
{
"cve": "CVE-2021-47520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47520"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: pch_can: pch_can_rx_normal: fix use after free\n\nAfter calling netif_receive_skb(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is dereferenced\njust after the call netif_receive_skb(skb).\n\nReordering the lines solves the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47520",
"url": "https://www.suse.com/security/cve/CVE-2021-47520"
},
{
"category": "external",
"summary": "SUSE Bug 1225431 for CVE-2021-47520",
"url": "https://bugzilla.suse.com/1225431"
},
{
"category": "external",
"summary": "SUSE Bug 1227905 for CVE-2021-47520",
"url": "https://bugzilla.suse.com/1227905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2021-47520"
},
{
"cve": "CVE-2021-47542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47542"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()\n\nIn qlcnic_83xx_add_rings(), the indirect function of\nahw-\u003ehw_ops-\u003ealloc_mbx_args will be called to allocate memory for\ncmd.req.arg, and there is a dereference of it in qlcnic_83xx_add_rings(),\nwhich could lead to a NULL pointer dereference on failure of the\nindirect function like qlcnic_83xx_alloc_mbx_args().\n\nFix this bug by adding a check of alloc_mbx_args(), this patch\nimitates the logic of mbx_cmd()\u0027s failure handling.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_QLCNIC=m show no new warnings, and our\nstatic analyzer no longer warns about this code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47542",
"url": "https://www.suse.com/security/cve/CVE-2021-47542"
},
{
"category": "external",
"summary": "SUSE Bug 1225455 for CVE-2021-47542",
"url": "https://bugzilla.suse.com/1225455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47542"
},
{
"cve": "CVE-2021-47547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47547"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tulip: de4x5: fix the problem that the array \u0027lp-\u003ephy[8]\u0027 may be out of bound\n\nIn line 5001, if all id in the array \u0027lp-\u003ephy[8]\u0027 is not 0, when the\n\u0027for\u0027 end, the \u0027k\u0027 is 8.\n\nAt this time, the array \u0027lp-\u003ephy[8]\u0027 may be out of bound.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47547",
"url": "https://www.suse.com/security/cve/CVE-2021-47547"
},
{
"category": "external",
"summary": "SUSE Bug 1225505 for CVE-2021-47547",
"url": "https://bugzilla.suse.com/1225505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47547"
},
{
"cve": "CVE-2021-47559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()\n\nCoverity reports a possible NULL dereferencing problem:\n\nin smc_vlan_by_tcpsk():\n6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times).\n7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next.\n1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, \u0026lower);\nCID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS)\n8. dereference: Dereferencing a pointer that might be NULL ndev when calling is_vlan_dev.\n1624 if (is_vlan_dev(ndev)) {\n\nRemove the manual implementation and use netdev_walk_all_lower_dev() to\niterate over the lower devices. While on it remove an obsolete function\nparameter comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47559",
"url": "https://www.suse.com/security/cve/CVE-2021-47559"
},
{
"category": "external",
"summary": "SUSE Bug 1225396 for CVE-2021-47559",
"url": "https://bugzilla.suse.com/1225396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47559"
},
{
"cve": "CVE-2021-47580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix type in min_t to avoid stack OOB\n\nChange min_t() to use type \"u32\" instead of type \"int\" to avoid stack out\nof bounds. With min_t() type \"int\" the values get sign extended and the\nlarger value gets used causing stack out of bounds.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline]\nBUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\nRead of size 127 at addr ffff888072607128 by task syz-executor.7/18707\n\nCPU: 1 PID: 18707 Comm: syz-executor.7 Not tainted 5.15.0-syzk #1\nHardware name: Red Hat KVM, BIOS 1.13.0-2\nCall Trace:\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:256\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189\n memcpy+0x23/0x60 mm/kasan/shadow.c:65\n memcpy include/linux/fortify-string.h:191 [inline]\n sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976\n sg_copy_from_buffer+0x33/0x40 lib/scatterlist.c:1000\n fill_from_dev_buffer.part.34+0x82/0x130 drivers/scsi/scsi_debug.c:1162\n fill_from_dev_buffer drivers/scsi/scsi_debug.c:1888 [inline]\n resp_readcap16+0x365/0x3b0 drivers/scsi/scsi_debug.c:1887\n schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478\n scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533\n scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]\n scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:836\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:774\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:939\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1165\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47580",
"url": "https://www.suse.com/security/cve/CVE-2021-47580"
},
{
"category": "external",
"summary": "SUSE Bug 1226550 for CVE-2021-47580",
"url": "https://bugzilla.suse.com/1226550"
},
{
"category": "external",
"summary": "SUSE Bug 1227611 for CVE-2021-47580",
"url": "https://bugzilla.suse.com/1227611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47580"
},
{
"cve": "CVE-2021-47582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Make do_proc_control() and do_proc_bulk() killable\n\nThe USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke\nusb_start_wait_urb(), which contains an uninterruptible wait with a\nuser-specified timeout value. If timeout value is very large and the\ndevice being accessed does not respond in a reasonable amount of time,\nthe kernel will complain about \"Task X blocked for more than N\nseconds\", as found in testing by syzbot:\n\nINFO: task syz-executor.0:8700 blocked for more than 143 seconds.\n Not tainted 5.14.0-rc7-syzkaller #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004\nCall Trace:\n context_switch kernel/sched/core.c:4681 [inline]\n __schedule+0xc07/0x11f0 kernel/sched/core.c:5938\n schedule+0x14b/0x210 kernel/sched/core.c:6017\n schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857\n do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85\n __wait_for_common kernel/sched/completion.c:106 [inline]\n wait_for_common kernel/sched/completion.c:117 [inline]\n wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157\n usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63\n do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236\n proc_bulk drivers/usb/core/devio.c:1273 [inline]\n usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline]\n usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713\n...\n\nTo fix this problem, this patch replaces usbfs\u0027s calls to\nusb_control_msg() and usb_bulk_msg() with special-purpose code that\ndoes essentially the same thing (as recommended in the comment for\nusb_start_wait_urb()), except that it always uses a killable wait and\nit uses GFP_KERNEL rather than GFP_NOIO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47582",
"url": "https://www.suse.com/security/cve/CVE-2021-47582"
},
{
"category": "external",
"summary": "SUSE Bug 1226559 for CVE-2021-47582",
"url": "https://bugzilla.suse.com/1226559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47582"
},
{
"cve": "CVE-2021-47588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsit: do not call ipip6_dev_free() from sit_init_net()\n\nipip6_dev_free is sit dev-\u003epriv_destructor, already called\nby register_netdevice() if something goes wrong.\n\nAlternative would be to make ipip6_dev_free() robust against\nmultiple invocations, but other drivers do not implement this\nstrategy.\n\nsyzbot reported:\n\ndst_release underflow\nWARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173\nModules linked in:\nCPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173\nCode: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 \u003c0f\u003e 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48\nRSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246\nRAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000\nRDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c\nR10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358\nR13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000\nFS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160\n ipip6_dev_free net/ipv6/sit.c:1414 [inline]\n sit_init_net+0x229/0x550 net/ipv6/sit.c:1936\n ops_init+0x313/0x430 net/core/net_namespace.c:140\n setup_net+0x35b/0x9d0 net/core/net_namespace.c:326\n copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470\n create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226\n ksys_unshare+0x57d/0xb50 kernel/fork.c:3075\n __do_sys_unshare kernel/fork.c:3146 [inline]\n __se_sys_unshare kernel/fork.c:3144 [inline]\n __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f66c882ce99\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200\nRBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47588",
"url": "https://www.suse.com/security/cve/CVE-2021-47588"
},
{
"category": "external",
"summary": "SUSE Bug 1226568 for CVE-2021-47588",
"url": "https://bugzilla.suse.com/1226568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47588"
},
{
"cve": "CVE-2021-47597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: fix kernel-infoleak for UDP sockets\n\nKMSAN reported a kernel-infoleak [1], that can exploited\nby unpriv users.\n\nAfter analysis it turned out UDP was not initializing\nr-\u003eidiag_expires. Other users of inet_sk_diag_fill()\nmight make the same mistake in the future, so fix this\nin inet_sk_diag_fill().\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:156 [inline]\n _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670\n copy_to_iter include/linux/uio.h:155 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2cb/0x1280 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline]\n netlink_recvmsg+0x660/0x1c60 net/netlink/af_netlink.c:1974\n sock_recvmsg_nosec net/socket.c:944 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n sock_read_iter+0x5a9/0x630 net/socket.c:1035\n call_read_iter include/linux/fs.h:2156 [inline]\n new_sync_read fs/read_write.c:400 [inline]\n vfs_read+0x1631/0x1980 fs/read_write.c:481\n ksys_read+0x28c/0x520 fs/read_write.c:619\n __do_sys_read fs/read_write.c:629 [inline]\n __se_sys_read fs/read_write.c:627 [inline]\n __x64_sys_read+0xdb/0x120 fs/read_write.c:627\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n netlink_dump+0x3d5/0x16a0 net/netlink/af_netlink.c:2245\n __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1343\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:276\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:704 [inline]\n sock_sendmsg net/socket.c:724 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1057\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x63f/0xe30 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 312 are uninitialized\nMemory access of size 312 starts at ffff88812ab54000\nData copied to user address 0000000020001440\n\nCPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47597",
"url": "https://www.suse.com/security/cve/CVE-2021-47597"
},
{
"category": "external",
"summary": "SUSE Bug 1226553 for CVE-2021-47597",
"url": "https://bugzilla.suse.com/1226553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2021-47597"
},
{
"cve": "CVE-2021-47599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: use latest_dev in btrfs_show_devname\n\nThe test case btrfs/238 reports the warning below:\n\n WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs]\n CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n Call trace:\n btrfs_show_devname+0x108/0x1b4 [btrfs]\n show_mountinfo+0x234/0x2c4\n m_show+0x28/0x34\n seq_read_iter+0x12c/0x3c4\n vfs_read+0x29c/0x2c8\n ksys_read+0x80/0xec\n __arm64_sys_read+0x28/0x34\n invoke_syscall+0x50/0xf8\n do_el0_svc+0x88/0x138\n el0_svc+0x2c/0x8c\n el0t_64_sync_handler+0x84/0xe4\n el0t_64_sync+0x198/0x19c\n\nReason:\nWhile btrfs_prepare_sprout() moves the fs_devices::devices into\nfs_devices::seed_list, the btrfs_show_devname() searches for the devices\nand found none, leading to the warning as in above.\n\nFix:\nlatest_dev is updated according to the changes to the device list.\nThat means we could use the latest_dev-\u003ename to show the device name in\n/proc/self/mounts, the pointer will be always valid as it\u0027s assigned\nbefore the device is deleted from the list in remove or replace.\nThe RCU protection is sufficient as the device structure is freed after\nsynchronization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47599",
"url": "https://www.suse.com/security/cve/CVE-2021-47599"
},
{
"category": "external",
"summary": "SUSE Bug 1226571 for CVE-2021-47599",
"url": "https://bugzilla.suse.com/1226571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47599"
},
{
"cve": "CVE-2021-47606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netlink: af_netlink: Prevent empty skb by adding a check on len.\n\nAdding a check on len parameter to avoid empty skb. This prevents a\ndivision error in netem_enqueue function which is caused when skb-\u003elen=0\nand skb-\u003edata_len=0 in the randomized corruption step as shown below.\n\nskb-\u003edata[prandom_u32() % skb_headlen(skb)] ^= 1\u003c\u003c(prandom_u32() % 8);\n\nCrash Report:\n[ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family\n0 port 6081 - 0\n[ 343.216110] netem: version 1.3\n[ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+\n[ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.11.0-2.el7 04/01/2014\n[ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]\n[ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff\nff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f\n74 \u003cf7\u003e f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03\n[ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246\n[ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:\n0000000000000000\n[ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:\nffff88800f8eda40\n[ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:\nffffffff94fb8445\n[ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:\n0000000000000000\n[ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:\n0000000000000020\n[ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000)\nknlGS:0000000000000000\n[ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:\n00000000000006e0\n[ 343.250076] Call Trace:\n[ 343.250423] \u003cTASK\u003e\n[ 343.250713] ? memcpy+0x4d/0x60\n[ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem]\n[ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem]\n[ 343.253102] ? stack_trace_save+0x87/0xb0\n[ 343.253655] ? filter_irq_stacks+0xb0/0xb0\n[ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem]\n[ 343.254837] ? __kasan_check_write+0x14/0x20\n[ 343.255418] ? _raw_spin_lock+0x88/0xd6\n[ 343.255953] dev_qdisc_enqueue+0x50/0x180\n[ 343.256508] __dev_queue_xmit+0x1a7e/0x3090\n[ 343.257083] ? netdev_core_pick_tx+0x300/0x300\n[ 343.257690] ? check_kcov_mode+0x10/0x40\n[ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40\n[ 343.258899] ? __kasan_init_slab_obj+0x24/0x30\n[ 343.259529] ? setup_object.isra.71+0x23/0x90\n[ 343.260121] ? new_slab+0x26e/0x4b0\n[ 343.260609] ? kasan_poison+0x3a/0x50\n[ 343.261118] ? kasan_unpoison+0x28/0x50\n[ 343.261637] ? __kasan_slab_alloc+0x71/0x90\n[ 343.262214] ? memcpy+0x4d/0x60\n[ 343.262674] ? write_comp_data+0x2f/0x90\n[ 343.263209] ? __kasan_check_write+0x14/0x20\n[ 343.263802] ? __skb_clone+0x5d6/0x840\n[ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.264958] dev_queue_xmit+0x1c/0x20\n[ 343.265470] netlink_deliver_tap+0x652/0x9c0\n[ 343.266067] netlink_unicast+0x5a0/0x7f0\n[ 343.266608] ? netlink_attachskb+0x860/0x860\n[ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.267820] ? write_comp_data+0x2f/0x90\n[ 343.268367] netlink_sendmsg+0x922/0xe80\n[ 343.268899] ? netlink_unicast+0x7f0/0x7f0\n[ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60\n[ 343.270099] ? write_comp_data+0x2f/0x90\n[ 343.270644] ? netlink_unicast+0x7f0/0x7f0\n[ 343.271210] sock_sendmsg+0x155/0x190\n[ 343.271721] ____sys_sendmsg+0x75f/0x8f0\n[ 343.272262] ? kernel_sendmsg+0x60/0x60\n[ 343.272788] ? write_comp_data+0x2f/0x90\n[ 343.273332] ? write_comp_data+0x2f/0x90\n[ 343.273869] ___sys_sendmsg+0x10f/0x190\n[ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80\n[ 343.274984] ? slab_post_alloc_hook+0x70/0x230\n[ 343.275597] ? futex_wait_setup+0x240/0x240\n[ 343.276175] ? security_file_alloc+0x3e/0x170\n[ 343.276779] ? write_comp_d\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47606",
"url": "https://www.suse.com/security/cve/CVE-2021-47606"
},
{
"category": "external",
"summary": "SUSE Bug 1226555 for CVE-2021-47606",
"url": "https://bugzilla.suse.com/1226555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47606"
},
{
"cve": "CVE-2021-47619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix queues reservation for XDP\n\nWhen XDP was configured on a system with large number of CPUs\nand X722 NIC there was a call trace with NULL pointer dereference.\n\ni40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12\ni40e 0000:87:00.0: setup of MAIN VSI failed\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:i40e_xdp+0xea/0x1b0 [i40e]\nCall Trace:\n? i40e_reconfig_rss_queues+0x130/0x130 [i40e]\ndev_xdp_install+0x61/0xe0\ndev_xdp_attach+0x18a/0x4c0\ndev_change_xdp_fd+0x1e6/0x220\ndo_setlink+0x616/0x1030\n? ahci_port_stop+0x80/0x80\n? ata_qc_issue+0x107/0x1e0\n? lock_timer_base+0x61/0x80\n? __mod_timer+0x202/0x380\nrtnl_setlink+0xe5/0x170\n? bpf_lsm_binder_transaction+0x10/0x10\n? security_capable+0x36/0x50\nrtnetlink_rcv_msg+0x121/0x350\n? rtnl_calcit.isra.0+0x100/0x100\nnetlink_rcv_skb+0x50/0xf0\nnetlink_unicast+0x1d3/0x2a0\nnetlink_sendmsg+0x22a/0x440\nsock_sendmsg+0x5e/0x60\n__sys_sendto+0xf0/0x160\n? __sys_getsockname+0x7e/0xc0\n? _copy_from_user+0x3c/0x80\n? __sys_setsockopt+0xc8/0x1a0\n__x64_sys_sendto+0x20/0x30\ndo_syscall_64+0x33/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f83fa7a39e0\n\nThis was caused by PF queue pile fragmentation due to\nflow director VSI queue being placed right after main VSI.\nBecause of this main VSI was not able to resize its\nqueue allocation for XDP resulting in no queues allocated\nfor main VSI when XDP was turned on.\n\nFix this by always allocating last queue in PF queue pile\nfor a flow director VSI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47619",
"url": "https://www.suse.com/security/cve/CVE-2021-47619"
},
{
"category": "external",
"summary": "SUSE Bug 1226645 for CVE-2021-47619",
"url": "https://bugzilla.suse.com/1226645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2021-47619"
},
{
"cve": "CVE-2022-20368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-20368"
}
],
"notes": [
{
"category": "general",
"text": "Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-20368",
"url": "https://www.suse.com/security/cve/CVE-2022-20368"
},
{
"category": "external",
"summary": "SUSE Bug 1202346 for CVE-2022-20368",
"url": "https://bugzilla.suse.com/1202346"
},
{
"category": "external",
"summary": "SUSE Bug 1212311 for CVE-2022-20368",
"url": "https://bugzilla.suse.com/1212311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-20368"
},
{
"cve": "CVE-2022-28748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28748"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28748",
"url": "https://www.suse.com/security/cve/CVE-2022-28748"
},
{
"category": "external",
"summary": "SUSE Bug 1196018 for CVE-2022-28748",
"url": "https://bugzilla.suse.com/1196018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2022-28748"
},
{
"cve": "CVE-2022-2964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2964"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2964",
"url": "https://www.suse.com/security/cve/CVE-2022-2964"
},
{
"category": "external",
"summary": "SUSE Bug 1202686 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1202686"
},
{
"category": "external",
"summary": "SUSE Bug 1203008 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1203008"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-2964",
"url": "https://bugzilla.suse.com/1208044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-48775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add():\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48775",
"url": "https://www.suse.com/security/cve/CVE-2022-48775"
},
{
"category": "external",
"summary": "SUSE Bug 1227924 for CVE-2022-48775",
"url": "https://bugzilla.suse.com/1227924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2022-48775"
},
{
"cve": "CVE-2022-48792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48792",
"url": "https://www.suse.com/security/cve/CVE-2022-48792"
},
{
"category": "external",
"summary": "SUSE Bug 1228013 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228013"
},
{
"category": "external",
"summary": "SUSE Bug 1228017 for CVE-2022-48792",
"url": "https://bugzilla.suse.com/1228017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48792"
},
{
"cve": "CVE-2022-48794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the \u0027is_tx = 0\u0027 cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate \u0027was_tx\u0027 boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48794",
"url": "https://www.suse.com/security/cve/CVE-2022-48794"
},
{
"category": "external",
"summary": "SUSE Bug 1228025 for CVE-2022-48794",
"url": "https://bugzilla.suse.com/1228025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2022-48794"
},
{
"cve": "CVE-2022-48804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48804",
"url": "https://www.suse.com/security/cve/CVE-2022-48804"
},
{
"category": "external",
"summary": "SUSE Bug 1227968 for CVE-2022-48804",
"url": "https://bugzilla.suse.com/1227968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48804"
},
{
"cve": "CVE-2022-48805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup\n\nax88179_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB\u0027s\n data.\n\nI have tested that this can be used by a malicious USB device to send a\nbogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response\nthat contains random kernel heap data.\nIt\u0027s probably also possible to get OOB writes from this on a\nlittle-endian system somehow - maybe by triggering skb_cow() via IP\noptions processing -, but I haven\u0027t tested that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48805",
"url": "https://www.suse.com/security/cve/CVE-2022-48805"
},
{
"category": "external",
"summary": "SUSE Bug 1227969 for CVE-2022-48805",
"url": "https://bugzilla.suse.com/1227969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48805"
},
{
"cve": "CVE-2022-48810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path\n\nip[6]mr_free_table() can only be called under RTNL lock.\n\nRTNL: assertion failed at net/core/dev.c (10367)\nWARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367\nModules linked in:\nCPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367\nCode: 0f 85 9b ee ff ff e8 69 07 4b fa ba 7f 28 00 00 48 c7 c6 00 90 ae 8a 48 c7 c7 40 90 ae 8a c6 05 6d b1 51 06 01 e8 8c 90 d8 01 \u003c0f\u003e 0b e9 70 ee ff ff e8 3e 07 4b fa 4c 89 e7 e8 86 2a 59 fa e9 ee\nRSP: 0018:ffffc900046ff6e0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff888050f51d00 RSI: ffffffff815fa008 RDI: fffff520008dfece\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff815f3d6e R11: 0000000000000000 R12: 00000000fffffff4\nR13: dffffc0000000000 R14: ffffc900046ff750 R15: ffff88807b7dc000\nFS: 00007f4ab736e700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fee0b4f8990 CR3: 000000001e7d2000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n mroute_clean_tables+0x244/0xb40 net/ipv6/ip6mr.c:1509\n ip6mr_free_table net/ipv6/ip6mr.c:389 [inline]\n ip6mr_rules_init net/ipv6/ip6mr.c:246 [inline]\n ip6mr_net_init net/ipv6/ip6mr.c:1306 [inline]\n ip6mr_net_init+0x3f0/0x4e0 net/ipv6/ip6mr.c:1298\n ops_init+0xaf/0x470 net/core/net_namespace.c:140\n setup_net+0x54f/0xbb0 net/core/net_namespace.c:331\n copy_net_ns+0x318/0x760 net/core/net_namespace.c:475\n create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110\n copy_namespaces+0x391/0x450 kernel/nsproxy.c:178\n copy_process+0x2e0c/0x7300 kernel/fork.c:2167\n kernel_clone+0xe7/0xab0 kernel/fork.c:2555\n __do_sys_clone+0xc8/0x110 kernel/fork.c:2672\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f4ab89f9059\nCode: Unable to access opcode bytes at RIP 0x7f4ab89f902f.\nRSP: 002b:00007f4ab736e118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038\nRAX: ffffffffffffffda RBX: 00007f4ab8b0bf60 RCX: 00007f4ab89f9059\nRDX: 0000000020000280 RSI: 0000000020000270 RDI: 0000000040200000\nRBP: 00007f4ab8a5308d R08: 0000000020000300 R09: 0000000020000300\nR10: 00000000200002c0 R11: 0000000000000206 R12: 0000000000000000\nR13: 00007ffc3977cc1f R14: 00007f4ab736e300 R15: 0000000000022000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48810",
"url": "https://www.suse.com/security/cve/CVE-2022-48810"
},
{
"category": "external",
"summary": "SUSE Bug 1227936 for CVE-2022-48810",
"url": "https://bugzilla.suse.com/1227936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48810"
},
{
"cve": "CVE-2022-48811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: don\u0027t release napi in __ibmvnic_open()\n\nIf __ibmvnic_open() encounters an error such as when setting link state,\nit calls release_resources() which frees the napi structures needlessly.\nInstead, have __ibmvnic_open() only clean up the work it did so far (i.e.\ndisable napi and irqs) and leave the rest to the callers.\n\nIf caller of __ibmvnic_open() is ibmvnic_open(), it should release the\nresources immediately. If the caller is do_reset() or do_hard_reset(),\nthey will release the resources on the next reset.\n\nThis fixes following crash that occurred when running the drmgr command\nseveral times to add/remove a vnic interface:\n\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[6] irq\n\t[102056] ibmvnic 30000003 env3: Disabling rx_scrq[7] irq\n\t[102056] ibmvnic 30000003 env3: Replenished 8 pools\n\tKernel attempted to read user page (10) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000010\n\tFaulting instruction address: 0xc000000000a3c840\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\tLE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n\t...\n\tCPU: 9 PID: 102056 Comm: kworker/9:2 Kdump: loaded Not tainted 5.16.0-rc5-autotest-g6441998e2e37 #1\n\tWorkqueue: events_long __ibmvnic_reset [ibmvnic]\n\tNIP: c000000000a3c840 LR: c0080000029b5378 CTR: c000000000a3c820\n\tREGS: c0000000548e37e0 TRAP: 0300 Not tainted (5.16.0-rc5-autotest-g6441998e2e37)\n\tMSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 28248484 XER: 00000004\n\tCFAR: c0080000029bdd24 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0\n\tGPR00: c0080000029b55d0 c0000000548e3a80 c0000000028f0200 0000000000000000\n\t...\n\tNIP [c000000000a3c840] napi_enable+0x20/0xc0\n\tLR [c0080000029b5378] __ibmvnic_open+0xf0/0x430 [ibmvnic]\n\tCall Trace:\n\t[c0000000548e3a80] [0000000000000006] 0x6 (unreliable)\n\t[c0000000548e3ab0] [c0080000029b55d0] __ibmvnic_open+0x348/0x430 [ibmvnic]\n\t[c0000000548e3b40] [c0080000029bcc28] __ibmvnic_reset+0x500/0xdf0 [ibmvnic]\n\t[c0000000548e3c60] [c000000000176228] process_one_work+0x288/0x570\n\t[c0000000548e3d00] [c000000000176588] worker_thread+0x78/0x660\n\t[c0000000548e3da0] [c0000000001822f0] kthread+0x1c0/0x1d0\n\t[c0000000548e3e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64\n\tInstruction dump:\n\t7d2948f8 792307e0 4e800020 60000000 3c4c01eb 384239e0 f821ffd1 39430010\n\t38a0fff6 e92d1100 f9210028 39200000 \u003ce9030010\u003e f9010020 60420000 e9210020\n\t---[ end trace 5f8033b08fd27706 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48811",
"url": "https://www.suse.com/security/cve/CVE-2022-48811"
},
{
"category": "external",
"summary": "SUSE Bug 1227928 for CVE-2022-48811",
"url": "https://bugzilla.suse.com/1227928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48811"
},
{
"cve": "CVE-2022-48823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix refcount issue when LOGO is received during TMF\n\nHung task call trace was seen during LOGO processing.\n\n[ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued...\n[ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0\n[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET\n[ 974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1.\n[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready\n[ 974.309627] host1: rport 016900: Delete port\n[ 974.309642] host1: rport 016900: work event 3\n[ 974.309644] host1: rport 016900: lld callback ev 3\n[ 974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush.\n[ 974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success...\n[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.\n[ 984.031136] Not tainted 4.18.0-305.el8.x86_64 #1\n\n[ 984.031166] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 984.031209] jbd2/dm-15-8 D 0 7645 2 0x80004080\n[ 984.031212] Call Trace:\n[ 984.031222] __schedule+0x2c4/0x700\n[ 984.031230] ? unfreeze_partials.isra.83+0x16e/0x1a0\n[ 984.031233] ? bit_wait_timeout+0x90/0x90\n[ 984.031235] schedule+0x38/0xa0\n[ 984.031238] io_schedule+0x12/0x40\n[ 984.031240] bit_wait_io+0xd/0x50\n[ 984.031243] __wait_on_bit+0x6c/0x80\n[ 984.031248] ? free_buffer_head+0x21/0x50\n[ 984.031251] out_of_line_wait_on_bit+0x91/0xb0\n[ 984.031257] ? init_wait_var_entry+0x50/0x50\n[ 984.031268] jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2]\n[ 984.031280] kjournald2+0xbd/0x270 [jbd2]\n[ 984.031284] ? finish_wait+0x80/0x80\n[ 984.031291] ? commit_timeout+0x10/0x10 [jbd2]\n[ 984.031294] kthread+0x116/0x130\n[ 984.031300] ? kthread_flush_work_fn+0x10/0x10\n[ 984.031305] ret_from_fork+0x1f/0x40\n\nThere was a ref count issue when LOGO is received during TMF. This leads to\none of the I/Os hanging with the driver. Fix the ref count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48823",
"url": "https://www.suse.com/security/cve/CVE-2022-48823"
},
{
"category": "external",
"summary": "SUSE Bug 1228045 for CVE-2022-48823",
"url": "https://bugzilla.suse.com/1228045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2022-48823"
},
{
"cve": "CVE-2022-48826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix deadlock on DSI device attach error\n\nDSI device attach to DSI host will be done with host device\u0027s lock\nheld.\n\nUn-registering host in \"device attach\" error path (ex: probe retry)\nwill result in deadlock with below call trace and non operational\nDSI display.\n\nStartup Call trace:\n[ 35.043036] rt_mutex_slowlock.constprop.21+0x184/0x1b8\n[ 35.043048] mutex_lock_nested+0x7c/0xc8\n[ 35.043060] device_del+0x4c/0x3e8\n[ 35.043075] device_unregister+0x20/0x40\n[ 35.043082] mipi_dsi_remove_device_fn+0x18/0x28\n[ 35.043093] device_for_each_child+0x68/0xb0\n[ 35.043105] mipi_dsi_host_unregister+0x40/0x90\n[ 35.043115] vc4_dsi_host_attach+0xf0/0x120 [vc4]\n[ 35.043199] mipi_dsi_attach+0x30/0x48\n[ 35.043209] tc358762_probe+0x128/0x164 [tc358762]\n[ 35.043225] mipi_dsi_drv_probe+0x28/0x38\n[ 35.043234] really_probe+0xc0/0x318\n[ 35.043244] __driver_probe_device+0x80/0xe8\n[ 35.043254] driver_probe_device+0xb8/0x118\n[ 35.043263] __device_attach_driver+0x98/0xe8\n[ 35.043273] bus_for_each_drv+0x84/0xd8\n[ 35.043281] __device_attach+0xf0/0x150\n[ 35.043290] device_initial_probe+0x1c/0x28\n[ 35.043300] bus_probe_device+0xa4/0xb0\n[ 35.043308] deferred_probe_work_func+0xa0/0xe0\n[ 35.043318] process_one_work+0x254/0x700\n[ 35.043330] worker_thread+0x4c/0x448\n[ 35.043339] kthread+0x19c/0x1a8\n[ 35.043348] ret_from_fork+0x10/0x20\n\nShutdown Call trace:\n[ 365.565417] Call trace:\n[ 365.565423] __switch_to+0x148/0x200\n[ 365.565452] __schedule+0x340/0x9c8\n[ 365.565467] schedule+0x48/0x110\n[ 365.565479] schedule_timeout+0x3b0/0x448\n[ 365.565496] wait_for_completion+0xac/0x138\n[ 365.565509] __flush_work+0x218/0x4e0\n[ 365.565523] flush_work+0x1c/0x28\n[ 365.565536] wait_for_device_probe+0x68/0x158\n[ 365.565550] device_shutdown+0x24/0x348\n[ 365.565561] kernel_restart_prepare+0x40/0x50\n[ 365.565578] kernel_restart+0x20/0x70\n[ 365.565591] __do_sys_reboot+0x10c/0x220\n[ 365.565605] __arm64_sys_reboot+0x2c/0x38\n[ 365.565619] invoke_syscall+0x4c/0x110\n[ 365.565634] el0_svc_common.constprop.3+0xfc/0x120\n[ 365.565648] do_el0_svc+0x2c/0x90\n[ 365.565661] el0_svc+0x4c/0xf0\n[ 365.565671] el0t_64_sync_handler+0x90/0xb8\n[ 365.565682] el0t_64_sync+0x180/0x184",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48826",
"url": "https://www.suse.com/security/cve/CVE-2022-48826"
},
{
"category": "external",
"summary": "SUSE Bug 1227975 for CVE-2022-48826",
"url": "https://bugzilla.suse.com/1227975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48826"
},
{
"cve": "CVE-2022-48827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix the behavior of READ near OFFSET_MAX\n\nDan Aloni reports:\n\u003e Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to\n\u003e the RPC read layers\") on the client, a read of 0xfff is aligned up\n\u003e to server rsize of 0x1000.\n\u003e\n\u003e As a result, in a test where the server has a file of size\n\u003e 0x7fffffffffffffff, and the client tries to read from the offset\n\u003e 0x7ffffffffffff000, the read causes loff_t overflow in the server\n\u003e and it returns an NFS code of EINVAL to the client. The client as\n\u003e a result indefinitely retries the request.\n\nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all\nNFS specifications permit servers to return that status code for a\nREAD.\n\nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed\nand return a short result. Set the EOF flag in the result to prevent\nthe client from retrying the READ request. This behavior appears to\nbe consistent with Solaris NFS servers.\n\nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These\nmust be converted to loff_t internally before use -- an implicit\ntype cast is not adequate for this purpose. Otherwise VFS checks\nagainst sb-\u003es_maxbytes do not work properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48827",
"url": "https://www.suse.com/security/cve/CVE-2022-48827"
},
{
"category": "external",
"summary": "SUSE Bug 1228037 for CVE-2022-48827",
"url": "https://bugzilla.suse.com/1228037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix ia_size underflow\n\niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\n\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I\u0027m about to fix up the NFSv3 behavior as well, so let\u0027s\ncatch the underflow in the common code path: nfsd_setattr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48828",
"url": "https://www.suse.com/security/cve/CVE-2022-48828"
},
{
"category": "external",
"summary": "SUSE Bug 1228054 for CVE-2022-48828",
"url": "https://bugzilla.suse.com/1228054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48828"
},
{
"cve": "CVE-2022-48829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes\n\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\n\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\n\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48829",
"url": "https://www.suse.com/security/cve/CVE-2022-48829"
},
{
"category": "external",
"summary": "SUSE Bug 1228055 for CVE-2022-48829",
"url": "https://bugzilla.suse.com/1228055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48829"
},
{
"cve": "CVE-2022-48836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: aiptek - properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. There was a check for the number of endpoints, but not\nfor the type of endpoint.\n\nFix it by replacing old desc.bNumEndpoints check with\nusb_find_common_endpoints() helper for finding endpoints\n\nFail log:\n\nusb 5-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nWorkqueue: usb_hub_wq hub_event\n...\nCall Trace:\n \u003cTASK\u003e\n aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830\n input_open_device+0x1bb/0x320 drivers/input/input.c:629\n kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48836",
"url": "https://www.suse.com/security/cve/CVE-2022-48836"
},
{
"category": "external",
"summary": "SUSE Bug 1227989 for CVE-2022-48836",
"url": "https://bugzilla.suse.com/1227989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48836"
},
{
"cve": "CVE-2022-48839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix slab-out-of-bounds access in packet_recvmsg()\n\nsyzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH\nand mmap operations, tpacket_rcv() is queueing skbs with\ngarbage in skb-\u003ecb[], triggering a too big copy [1]\n\nPresumably, users of af_packet using mmap() already gets correct\nmetadata from the mapped buffer, we can simply make sure\nto clear 12 bytes that might be copied to user space later.\n\nBUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]\nBUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\nWrite of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631\n\nCPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n memcpy+0x39/0x60 mm/kasan/shadow.c:66\n memcpy include/linux/fortify-string.h:225 [inline]\n packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n sock_recvmsg net/socket.c:962 [inline]\n ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632\n ___sys_recvmsg+0x127/0x200 net/socket.c:2674\n __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fdfd5954c29\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29\nRDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60\nR13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54\n \u003c/TASK\u003e\n\naddr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:\n ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246\n\nthis frame has 1 object:\n [32, 160) \u0027addr\u0027\n\nMemory state around the buggy address:\n ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00\n ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00\n\u003effffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3\n ^\n ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1\n ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48839",
"url": "https://www.suse.com/security/cve/CVE-2022-48839"
},
{
"category": "external",
"summary": "SUSE Bug 1227985 for CVE-2022-48839",
"url": "https://bugzilla.suse.com/1227985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48839"
},
{
"cve": "CVE-2022-48850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet-sysfs: add check for netdevice being present to speed_show\n\nWhen bringing down the netdevice or system shutdown, a panic can be\ntriggered while accessing the sysfs path because the device is already\nremoved.\n\n [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called\n [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called\n ...\n [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null)\n [ 758.031397] IP: [\u003cffffffff8ee11acb\u003e] dma_pool_alloc+0x1ab/0x280\n\n crash\u003e bt\n ...\n PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: \"amsd\"\n ...\n #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778\n [exception RIP: dma_pool_alloc+0x1ab]\n RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046\n RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000\n RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090\n RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00\n R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0\n R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]\n #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]\n #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]\n #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]\n #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]\n #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]\n #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]\n #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46\n #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208\n #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3\n #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf\n #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596\n #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10\n #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5\n #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff\n #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f\n #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92\n\n crash\u003e net_device.state ffff89443b0c0000\n state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER)\n\nTo prevent this scenario, we also make sure that the netdevice is present.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48850",
"url": "https://www.suse.com/security/cve/CVE-2022-48850"
},
{
"category": "external",
"summary": "SUSE Bug 1228071 for CVE-2022-48850",
"url": "https://bugzilla.suse.com/1228071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48850"
},
{
"cve": "CVE-2022-48855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix kernel-infoleak for SCTP sockets\n\nsyzbot reported a kernel infoleak [1] of 4 bytes.\n\nAfter analysis, it turned out r-\u003eidiag_expires is not initialized\nif inet_sctp_diag_fill() calls inet_diag_msg_common_fill()\n\nMake sure to clear idiag_timer/idiag_retrans/idiag_expires\nand let inet_diag_msg_sctpasoc_fill() fill them again if needed.\n\n[1]\n\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]\nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n copyout lib/iov_iter.c:154 [inline]\n _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668\n copy_to_iter include/linux/uio.h:162 [inline]\n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519\n __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425\n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533\n skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]\n netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977\n sock_recvmsg_nosec net/socket.c:948 [inline]\n sock_recvmsg net/socket.c:966 [inline]\n __sys_recvfrom+0x795/0xa10 net/socket.c:2097\n __do_sys_recvfrom net/socket.c:2115 [inline]\n __se_sys_recvfrom net/socket.c:2111 [inline]\n __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3247 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1158 [inline]\n netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248\n __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373\n netlink_dump_start include/linux/netlink.h:254 [inline]\n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341\n sock_diag_rcv_msg+0x24a/0x620\n netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494\n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]\n netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343\n netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919\n sock_sendmsg_nosec net/socket.c:705 [inline]\n sock_sendmsg net/socket.c:725 [inline]\n sock_write_iter+0x594/0x690 net/socket.c:1061\n do_iter_readv_writev+0xa7f/0xc70\n do_iter_write+0x52c/0x1500 fs/read_write.c:851\n vfs_writev fs/read_write.c:924 [inline]\n do_writev+0x645/0xe00 fs/read_write.c:967\n __do_sys_writev fs/read_write.c:1040 [inline]\n __se_sys_writev fs/read_write.c:1037 [inline]\n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBytes 68-71 of 2508 are uninitialized\nMemory access of size 2508 starts at ffff888114f9b000\nData copied to user address 00007f7fe09ff2e0\n\nCPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48855",
"url": "https://www.suse.com/security/cve/CVE-2022-48855"
},
{
"category": "external",
"summary": "SUSE Bug 1228003 for CVE-2022-48855",
"url": "https://bugzilla.suse.com/1228003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48855"
},
{
"cve": "CVE-2022-48857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: port100: fix use-after-free in port100_send_complete\n\nSyzbot reported UAF in port100_send_complete(). The root case is in\nmissing usb_kill_urb() calls on error handling path of -\u003eprobe function.\n\nport100_send_complete() accesses devm allocated memory which will be\nfreed on probe failure. We should kill this urbs before returning an\nerror from probe function to prevent reported use-after-free\n\nFail log:\n\nBUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\nRead of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26\n...\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255\n __kasan_report mm/kasan/report.c:442 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:459\n port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935\n __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670\n\n...\n\nAllocated by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:45 [inline]\n set_alloc_info mm/kasan/common.c:436 [inline]\n ____kasan_kmalloc mm/kasan/common.c:515 [inline]\n ____kasan_kmalloc mm/kasan/common.c:474 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524\n alloc_dr drivers/base/devres.c:116 [inline]\n devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823\n devm_kzalloc include/linux/device.h:209 [inline]\n port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502\n\nFreed by task 1255:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track+0x21/0x30 mm/kasan/common.c:45\n kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n ____kasan_slab_free mm/kasan/common.c:366 [inline]\n ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328\n kasan_slab_free include/linux/kasan.h:236 [inline]\n __cache_free mm/slab.c:3437 [inline]\n kfree+0xf8/0x2b0 mm/slab.c:3794\n release_nodes+0x112/0x1a0 drivers/base/devres.c:501\n devres_release_all+0x114/0x190 drivers/base/devres.c:530\n really_probe+0x626/0xcc0 drivers/base/dd.c:670",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48857",
"url": "https://www.suse.com/security/cve/CVE-2022-48857"
},
{
"category": "external",
"summary": "SUSE Bug 1228005 for CVE-2022-48857",
"url": "https://bugzilla.suse.com/1228005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48857"
},
{
"cve": "CVE-2022-48860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: Fix error handling in xemaclite_of_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function. Calling of_node_put() to avoid the\nrefcount leak. As the remove function do.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48860",
"url": "https://www.suse.com/security/cve/CVE-2022-48860"
},
{
"category": "external",
"summary": "SUSE Bug 1228008 for CVE-2022-48860",
"url": "https://bugzilla.suse.com/1228008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48860"
},
{
"cve": "CVE-2022-48863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix memory leak in dsp_pipeline_build()\n\ndsp_pipeline_build() allocates dup pointer by kstrdup(cfg),\nbut then it updates dup variable by strsep(\u0026dup, \"|\").\nAs a result when it calls kfree(dup), the dup variable contains NULL.\n\nFound by Linux Driver Verification project (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48863",
"url": "https://www.suse.com/security/cve/CVE-2022-48863"
},
{
"category": "external",
"summary": "SUSE Bug 1228063 for CVE-2022-48863",
"url": "https://bugzilla.suse.com/1228063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2022-48863"
},
{
"cve": "CVE-2023-4244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4244"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nDue to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4244",
"url": "https://www.suse.com/security/cve/CVE-2023-4244"
},
{
"category": "external",
"summary": "SUSE Bug 1215420 for CVE-2023-4244",
"url": "https://bugzilla.suse.com/1215420"
},
{
"category": "external",
"summary": "SUSE Bug 1215424 for CVE-2023-4244",
"url": "https://bugzilla.suse.com/1215424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-4244"
},
{
"cve": "CVE-2023-52435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52435"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52435",
"url": "https://www.suse.com/security/cve/CVE-2023-52435"
},
{
"category": "external",
"summary": "SUSE Bug 1220138 for CVE-2023-52435",
"url": "https://bugzilla.suse.com/1220138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52435"
},
{
"cve": "CVE-2023-52507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52507"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn\u0027t potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52507",
"url": "https://www.suse.com/security/cve/CVE-2023-52507"
},
{
"category": "external",
"summary": "SUSE Bug 1220833 for CVE-2023-52507",
"url": "https://bugzilla.suse.com/1220833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52507"
},
{
"cve": "CVE-2023-52594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52594"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs-\u003ecnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs-\u003etxstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type \u0027__wmi_event_txstatus [12]\u0027\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52594",
"url": "https://www.suse.com/security/cve/CVE-2023-52594"
},
{
"category": "external",
"summary": "SUSE Bug 1221045 for CVE-2023-52594",
"url": "https://bugzilla.suse.com/1221045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52594"
},
{
"cve": "CVE-2023-52612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: scomp - fix req-\u003edst buffer overflow\n\nThe req-\u003edst buffer size should be checked before copying from the\nscomp_scratch-\u003edst to avoid req-\u003edst buffer overflow problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52612",
"url": "https://www.suse.com/security/cve/CVE-2023-52612"
},
{
"category": "external",
"summary": "SUSE Bug 1221616 for CVE-2023-52612",
"url": "https://bugzilla.suse.com/1221616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2023-52612"
},
{
"cve": "CVE-2023-52615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\n\nThere is a dead-lock in the hwrng device read path. This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\n\nFix this by using a stack buffer when calling copy_to_user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52615",
"url": "https://www.suse.com/security/cve/CVE-2023-52615"
},
{
"category": "external",
"summary": "SUSE Bug 1221614 for CVE-2023-52615",
"url": "https://bugzilla.suse.com/1221614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52615"
},
{
"cve": "CVE-2023-52619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Fix crash when setting number of cpus to an odd number\n\nWhen the number of cpu cores is adjusted to 7 or other odd numbers,\nthe zone size will become an odd number.\nThe address of the zone will become:\n addr of zone0 = BASE\n addr of zone1 = BASE + zone_size\n addr of zone2 = BASE + zone_size*2\n ...\nThe address of zone1/3/5/7 will be mapped to non-alignment va.\nEventually crashes will occur when accessing these va.\n\nSo, use ALIGN_DOWN() to make sure the zone size is even\nto avoid this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52619",
"url": "https://www.suse.com/security/cve/CVE-2023-52619"
},
{
"category": "external",
"summary": "SUSE Bug 1221618 for CVE-2023-52619",
"url": "https://bugzilla.suse.com/1221618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52619"
},
{
"cve": "CVE-2023-52623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52623"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a suspicious RCU usage warning\n\nI received the following warning while running cthon against an ontap\nserver running pNFS:\n\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\n\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] \u003cTASK\u003e\n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52623",
"url": "https://www.suse.com/security/cve/CVE-2023-52623"
},
{
"category": "external",
"summary": "SUSE Bug 1222060 for CVE-2023-52623",
"url": "https://bugzilla.suse.com/1222060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52623"
},
{
"cve": "CVE-2023-52669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: s390/aes - Fix buffer overread in CTR mode\n\nWhen processing the last block, the s390 ctr code will always read\na whole block, even if there isn\u0027t a whole block of data left. Fix\nthis by using the actual length left and copy it into a buffer first\nfor processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52669",
"url": "https://www.suse.com/security/cve/CVE-2023-52669"
},
{
"category": "external",
"summary": "SUSE Bug 1224637 for CVE-2023-52669",
"url": "https://bugzilla.suse.com/1224637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52669"
},
{
"cve": "CVE-2023-52683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: LPIT: Avoid u32 multiplication overflow\n\nIn lpit_update_residency() there is a possibility of overflow\nin multiplication, if tsc_khz is large enough (\u003e UINT_MAX/1000).\n\nChange multiplication to mul_u32_u32().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52683",
"url": "https://www.suse.com/security/cve/CVE-2023-52683"
},
{
"category": "external",
"summary": "SUSE Bug 1224627 for CVE-2023-52683",
"url": "https://bugzilla.suse.com/1224627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52683"
},
{
"cve": "CVE-2023-52693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: check for error while searching for backlight device parent\n\nIf acpi_get_parent() called in acpi_video_dev_register_backlight()\nfails, for example, because acpi_ut_acquire_mutex() fails inside\nacpi_get_parent), this can lead to incorrect (uninitialized)\nacpi_parent handle being passed to acpi_get_pci_dev() for detecting\nthe parent pci device.\n\nCheck acpi_get_parent() result and set parent device only in case of success.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52693",
"url": "https://www.suse.com/security/cve/CVE-2023-52693"
},
{
"category": "external",
"summary": "SUSE Bug 1224686 for CVE-2023-52693",
"url": "https://bugzilla.suse.com/1224686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52693"
},
{
"cve": "CVE-2023-52743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Do not use WQ_MEM_RECLAIM flag for workqueue\n\nWhen both ice and the irdma driver are loaded, a warning in\ncheck_flush_dependency is being triggered. This is due to ice driver\nworkqueue being allocated with the WQ_MEM_RECLAIM flag and the irdma one\nis not.\n\nAccording to kernel documentation, this flag should be set if the\nworkqueue will be involved in the kernel\u0027s memory reclamation flow.\nSince it is not, there is no need for the ice driver\u0027s WQ to have this\nflag set so remove it.\n\nExample trace:\n\n[ +0.000004] workqueue: WQ_MEM_RECLAIM ice:ice_service_task [ice] is flushing !WQ_MEM_RECLAIM infiniband:0x0\n[ +0.000139] WARNING: CPU: 0 PID: 728 at kernel/workqueue.c:2632 check_flush_dependency+0x178/0x1a0\n[ +0.000011] Modules linked in: bonding tls xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_cha\nin_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rfkill vfat fat intel_rapl_msr intel\n_rapl_common isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct1\n0dif_pclmul crc32_pclmul ghash_clmulni_intel rapl intel_cstate rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_\ncore_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_cm iw_cm iTCO_wdt iTCO_vendor_support ipmi_ssif irdma mei_me ib_uverbs\nib_core intel_uncore joydev pcspkr i2c_i801 acpi_ipmi mei lpc_ich i2c_smbus intel_pch_thermal ioatdma ipmi_si acpi_power_meter\nacpi_pad xfs libcrc32c sd_mod t10_pi crc64_rocksoft crc64 sg ahci ixgbe libahci ice i40e igb crc32c_intel mdio i2c_algo_bit liba\nta dca wmi dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[ +0.000161] [last unloaded: bonding]\n[ +0.000006] CPU: 0 PID: 728 Comm: kworker/0:2 Tainted: G S 6.2.0-rc2_next-queue-13jan-00458-gc20aabd57164 #1\n[ +0.000006] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0010.010620200716 01/06/2020\n[ +0.000003] Workqueue: ice ice_service_task [ice]\n[ +0.000127] RIP: 0010:check_flush_dependency+0x178/0x1a0\n[ +0.000005] Code: 89 8e 02 01 e8 49 3d 40 00 49 8b 55 18 48 8d 8d d0 00 00 00 48 8d b3 d0 00 00 00 4d 89 e0 48 c7 c7 e0 3b 08\n9f e8 bb d3 07 01 \u003c0f\u003e 0b e9 be fe ff ff 80 3d 24 89 8e 02 00 0f 85 6b ff ff ff e9 06\n[ +0.000004] RSP: 0018:ffff88810a39f990 EFLAGS: 00010282\n[ +0.000005] RAX: 0000000000000000 RBX: ffff888141bc2400 RCX: 0000000000000000\n[ +0.000004] RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffffffffa1213a80\n[ +0.000003] RBP: ffff888194bf3400 R08: ffffed117b306112 R09: ffffed117b306112\n[ +0.000003] R10: ffff888bd983088b R11: ffffed117b306111 R12: 0000000000000000\n[ +0.000003] R13: ffff888111f84d00 R14: ffff88810a3943ac R15: ffff888194bf3400\n[ +0.000004] FS: 0000000000000000(0000) GS:ffff888bd9800000(0000) knlGS:0000000000000000\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000003] CR2: 000056035b208b60 CR3: 000000017795e005 CR4: 00000000007706f0\n[ +0.000003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ +0.000003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ +0.000002] PKRU: 55555554\n[ +0.000003] Call Trace:\n[ +0.000002] \u003cTASK\u003e\n[ +0.000003] __flush_workqueue+0x203/0x840\n[ +0.000006] ? mutex_unlock+0x84/0xd0\n[ +0.000008] ? __pfx_mutex_unlock+0x10/0x10\n[ +0.000004] ? __pfx___flush_workqueue+0x10/0x10\n[ +0.000006] ? mutex_lock+0xa3/0xf0\n[ +0.000005] ib_cache_cleanup_one+0x39/0x190 [ib_core]\n[ +0.000174] __ib_unregister_device+0x84/0xf0 [ib_core]\n[ +0.000094] ib_unregister_device+0x25/0x30 [ib_core]\n[ +0.000093] irdma_ib_unregister_device+0x97/0xc0 [irdma]\n[ +0.000064] ? __pfx_irdma_ib_unregister_device+0x10/0x10 [irdma]\n[ +0.000059] ? up_write+0x5c/0x90\n[ +0.000005] irdma_remove+0x36/0x90 [irdma]\n[ +0.000062] auxiliary_bus_remove+0x32/0x50\n[ +0.000007] device_r\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52743",
"url": "https://www.suse.com/security/cve/CVE-2023-52743"
},
{
"category": "external",
"summary": "SUSE Bug 1225003 for CVE-2023-52743",
"url": "https://bugzilla.suse.com/1225003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2023-52743"
},
{
"cve": "CVE-2023-52753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid NULL dereference of timing generator\n\n[Why \u0026 How]\nCheck whether assigned timing generator is NULL or not before\naccessing its funcs to prevent NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52753",
"url": "https://www.suse.com/security/cve/CVE-2023-52753"
},
{
"category": "external",
"summary": "SUSE Bug 1225478 for CVE-2023-52753",
"url": "https://bugzilla.suse.com/1225478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52753"
},
{
"cve": "CVE-2023-52817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL\n\nIn certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:\n\n1. Navigate to the directory: /sys/kernel/debug/dri/0\n2. Execute command: cat amdgpu_regs_smc\n3. Exception Log::\n[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[4005007.702562] #PF: supervisor instruction fetch in kernel mode\n[4005007.702567] #PF: error_code(0x0010) - not-present page\n[4005007.702570] PGD 0 P4D 0\n[4005007.702576] Oops: 0010 [#1] SMP NOPTI\n[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u\n[4005007.702590] RIP: 0010:0x0\n[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206\n[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68\n[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000\n[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980\n[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000\n[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000\n[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000\n[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0\n[4005007.702633] Call Trace:\n[4005007.702636] \u003cTASK\u003e\n[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]\n[4005007.703002] full_proxy_read+0x5c/0x80\n[4005007.703011] vfs_read+0x9f/0x1a0\n[4005007.703019] ksys_read+0x67/0xe0\n[4005007.703023] __x64_sys_read+0x19/0x20\n[4005007.703028] do_syscall_64+0x5c/0xc0\n[4005007.703034] ? do_user_addr_fault+0x1e3/0x670\n[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0\n[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20\n[4005007.703052] ? irqentry_exit+0x19/0x30\n[4005007.703057] ? exc_page_fault+0x89/0x160\n[4005007.703062] ? asm_exc_page_fault+0x8/0x30\n[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[4005007.703075] RIP: 0033:0x7f5e07672992\n[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24\n[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992\n[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003\n[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010\n[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000\n[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n[4005007.703105] \u003c/TASK\u003e\n[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca\n[4005007.703184] CR2: 0000000000000000\n[4005007.703188] ---[ en\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52817",
"url": "https://www.suse.com/security/cve/CVE-2023-52817"
},
{
"category": "external",
"summary": "SUSE Bug 1225569 for CVE-2023-52817",
"url": "https://bugzilla.suse.com/1225569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52817"
},
{
"cve": "CVE-2023-52818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7\n\nFor pptable structs that use flexible array sizes, use flexible arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52818",
"url": "https://www.suse.com/security/cve/CVE-2023-52818"
},
{
"category": "external",
"summary": "SUSE Bug 1225530 for CVE-2023-52818",
"url": "https://bugzilla.suse.com/1225530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52818"
},
{
"cve": "CVE-2023-52819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga\n\nFor pptable structs that use flexible array sizes, use flexible arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52819",
"url": "https://www.suse.com/security/cve/CVE-2023-52819"
},
{
"category": "external",
"summary": "SUSE Bug 1225532 for CVE-2023-52819",
"url": "https://bugzilla.suse.com/1225532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-52819"
},
{
"cve": "CVE-2023-52885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n ...\n \u003c/TASK\u003e\n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52885",
"url": "https://www.suse.com/security/cve/CVE-2023-52885"
},
{
"category": "external",
"summary": "SUSE Bug 1227750 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "external",
"summary": "SUSE Bug 1227753 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2023-52885"
},
{
"cve": "CVE-2024-26615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d \u003cduration\u003e -H \u0027Connection: Close\u0027 \u003cURL\u003e\n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 \u0027smcss -D\u0027\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn-\u003ermb_desc. So fix it by checking before dump.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26615",
"url": "https://www.suse.com/security/cve/CVE-2024-26615"
},
{
"category": "external",
"summary": "SUSE Bug 1220942 for CVE-2024-26615",
"url": "https://bugzilla.suse.com/1220942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26615"
},
{
"cve": "CVE-2024-26635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: Drop support for ETH_P_TR_802_2.\n\nsyzbot reported an uninit-value bug below. [0]\n\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\n\n write$tun(r0, \u0026(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, \u0027)\u0027, \"90e5dd\"}}}}, 0x16)\n\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\n\nHowever, the initialisation is done only when skb-\u003eprotocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\n\nThe missing initialisation existed prior to commit 211ed865108e\n(\"net: delete all instances of special processing for token ring\").\n\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\n\nLet\u0027s remove llc_tr_packet_type and complete the deprecation.\n\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26635",
"url": "https://www.suse.com/security/cve/CVE-2024-26635"
},
{
"category": "external",
"summary": "SUSE Bug 1221656 for CVE-2024-26635",
"url": "https://bugzilla.suse.com/1221656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26635"
},
{
"cve": "CVE-2024-26636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26636",
"url": "https://www.suse.com/security/cve/CVE-2024-26636"
},
{
"category": "external",
"summary": "SUSE Bug 1221659 for CVE-2024-26636",
"url": "https://bugzilla.suse.com/1221659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26636"
},
{
"cve": "CVE-2024-26659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: handle isoc Babble and Buffer Overrun events properly\n\nxHCI 4.9 explicitly forbids assuming that the xHC has released its\nownership of a multi-TRB TD when it reports an error on one of the\nearly TRBs. Yet the driver makes such assumption and releases the TD,\nallowing the remaining TRBs to be freed or overwritten by new TDs.\n\nThe xHC should also report completion of the final TRB due to its IOC\nflag being set by us, regardless of prior errors. This event cannot\nbe recognized if the TD has already been freed earlier, resulting in\n\"Transfer event TRB DMA ptr not part of current TD\" error message.\n\nFix this by reusing the logic for processing isoc Transaction Errors.\nThis also handles hosts which fail to report the final completion.\n\nFix transfer length reporting on Babble errors. They may be caused by\ndevice malfunction, no guarantee that the buffer has been filled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26659",
"url": "https://www.suse.com/security/cve/CVE-2024-26659"
},
{
"category": "external",
"summary": "SUSE Bug 1222317 for CVE-2024-26659",
"url": "https://bugzilla.suse.com/1222317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26659"
},
{
"cve": "CVE-2024-26663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()\n\nsyzbot reported the following general protection fault [1]:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]\n...\nRIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n...\nCall Trace:\n \u003cTASK\u003e\n tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972\n genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]\n genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584\n ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638\n __sys_sendmsg+0x117/0x1e0 net/socket.c:2667\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe cause of this issue is that when tipc_nl_bearer_add() is called with\nthe TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called\neven if the bearer is not UDP.\n\ntipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that\nthe media_ptr field of the tipc_bearer has an udp_bearer type object, so\nthe function goes crazy for non-UDP bearers.\n\nThis patch fixes the issue by checking the bearer type before calling\ntipc_udp_nl_bearer_add() in tipc_nl_bearer_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26663",
"url": "https://www.suse.com/security/cve/CVE-2024-26663"
},
{
"category": "external",
"summary": "SUSE Bug 1222326 for CVE-2024-26663",
"url": "https://bugzilla.suse.com/1222326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26663"
},
{
"cve": "CVE-2024-26735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26735",
"url": "https://www.suse.com/security/cve/CVE-2024-26735"
},
{
"category": "external",
"summary": "SUSE Bug 1222372 for CVE-2024-26735",
"url": "https://bugzilla.suse.com/1222372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not allow untrusted VF to remove administratively set MAC\n\nCurrently when PF administratively sets VF\u0027s MAC address and the VF\nis put down (VF tries to delete all MACs) then the MAC is removed\nfrom MAC filters and primary VF MAC is zeroed.\n\nDo not allow untrusted VF to remove primary MAC when it was set\nadministratively by PF.\n\nReproducer:\n1) Create VF\n2) Set VF interface up\n3) Administratively set the VF\u0027s MAC\n4) Put VF interface down\n\n[root@host ~]# echo 1 \u003e /sys/class/net/enp2s0f0/device/sriov_numvfs\n[root@host ~]# ip link set enp2s0f0v0 up\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\n[root@host ~]# ip link set enp2s0f0v0 down\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: \u003cBROADCAST,MULTICAST,UP,LOWER_UP\u003e mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26830",
"url": "https://www.suse.com/security/cve/CVE-2024-26830"
},
{
"category": "external",
"summary": "SUSE Bug 1223012 for CVE-2024-26830",
"url": "https://bugzilla.suse.com/1223012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26830"
},
{
"cve": "CVE-2024-26863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26863",
"url": "https://www.suse.com/security/cve/CVE-2024-26863"
},
{
"category": "external",
"summary": "SUSE Bug 1223021 for CVE-2024-26863",
"url": "https://bugzilla.suse.com/1223021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26863"
},
{
"cve": "CVE-2024-26880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: call the resume method on internal suspend\n\nThere is this reported crash when experimenting with the lvm2 testsuite.\nThe list corruption is caused by the fact that the postsuspend and resume\nmethods were not paired correctly; there were two consecutive calls to the\norigin_postsuspend function. The second call attempts to remove the\n\"hash_list\" entry from a list, while it was already removed by the first\ncall.\n\nFix __dm_internal_resume so that it calls the preresume and resume\nmethods of the table\u0027s targets.\n\nIf a preresume method of some target fails, we are in a tricky situation.\nWe can\u0027t return an error because dm_internal_resume isn\u0027t supposed to\nreturn errors. We can\u0027t return success, because then the \"resume\" and\n\"postsuspend\" methods would not be paired correctly. So, we set the\nDMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace\ntools, but it won\u0027t cause a kernel crash.\n\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:56!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0\n\u003csnip\u003e\nRSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282\nRAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff\nRBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058\nR10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001\nR13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0\nFS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 002b ES: 002b CR0: 0000000080050033\nCR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0\nCall Trace:\n \u003cTASK\u003e\n ? die+0x2d/0x80\n ? do_trap+0xeb/0xf0\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? do_error_trap+0x60/0x80\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? exc_invalid_op+0x49/0x60\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? asm_exc_invalid_op+0x16/0x20\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ? __list_del_entry_valid_or_report+0x77/0xc0\n origin_postsuspend+0x1a/0x50 [dm_snapshot]\n dm_table_postsuspend_targets+0x34/0x50 [dm_mod]\n dm_suspend+0xd8/0xf0 [dm_mod]\n dev_suspend+0x1f2/0x2f0 [dm_mod]\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ctl_ioctl+0x300/0x5f0 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]\n __x64_compat_sys_ioctl+0x104/0x170\n do_syscall_64+0x184/0x1b0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0xf7e6aead\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26880",
"url": "https://www.suse.com/security/cve/CVE-2024-26880"
},
{
"category": "external",
"summary": "SUSE Bug 1223188 for CVE-2024-26880",
"url": "https://bugzilla.suse.com/1223188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-26880"
},
{
"cve": "CVE-2024-26920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/trigger: Fix to return error if failed to alloc snapshot\n\nFix register_snapshot_trigger() to return error code if it failed to\nallocate a snapshot instead of 0 (success). Unless that, it will register\nsnapshot trigger without an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26920",
"url": "https://www.suse.com/security/cve/CVE-2024-26920"
},
{
"category": "external",
"summary": "SUSE Bug 1228237 for CVE-2024-26920",
"url": "https://bugzilla.suse.com/1228237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26920"
},
{
"cve": "CVE-2024-26924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") \u003c---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26924",
"url": "https://www.suse.com/security/cve/CVE-2024-26924"
},
{
"category": "external",
"summary": "SUSE Bug 1223387 for CVE-2024-26924",
"url": "https://bugzilla.suse.com/1223387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-26924"
},
{
"cve": "CVE-2024-27019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()\n\nnft_unregister_obj() can concurrent with __nft_obj_type_get(),\nand there is not any protection when iterate over nf_tables_objects\nlist in __nft_obj_type_get(). Therefore, there is potential data-race\nof nf_tables_objects list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_objects\nlist in __nft_obj_type_get(), and use rcu_read_lock() in the caller\nnft_obj_type_get() to protect the entire type query process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27019",
"url": "https://www.suse.com/security/cve/CVE-2024-27019"
},
{
"category": "external",
"summary": "SUSE Bug 1223813 for CVE-2024-27019",
"url": "https://bugzilla.suse.com/1223813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-27019"
},
{
"cve": "CVE-2024-27020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()\n\nnft_unregister_expr() can concurrent with __nft_expr_type_get(),\nand there is not any protection when iterate over nf_tables_expressions\nlist in __nft_expr_type_get(). Therefore, there is potential data-race\nof nf_tables_expressions list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_expressions\nlist in __nft_expr_type_get(), and use rcu_read_lock() in the caller\nnft_expr_type_get() to protect the entire type query process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27020",
"url": "https://www.suse.com/security/cve/CVE-2024-27020"
},
{
"category": "external",
"summary": "SUSE Bug 1223815 for CVE-2024-27020",
"url": "https://bugzilla.suse.com/1223815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-27020"
},
{
"cve": "CVE-2024-27025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27025",
"url": "https://www.suse.com/security/cve/CVE-2024-27025"
},
{
"category": "external",
"summary": "SUSE Bug 1223778 for CVE-2024-27025",
"url": "https://bugzilla.suse.com/1223778"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-27025"
},
{
"cve": "CVE-2024-27437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27437"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27437",
"url": "https://www.suse.com/security/cve/CVE-2024-27437"
},
{
"category": "external",
"summary": "SUSE Bug 1222625 for CVE-2024-27437",
"url": "https://bugzilla.suse.com/1222625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-27437"
},
{
"cve": "CVE-2024-35805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35805"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35805",
"url": "https://www.suse.com/security/cve/CVE-2024-35805"
},
{
"category": "external",
"summary": "SUSE Bug 1224743 for CVE-2024-35805",
"url": "https://bugzilla.suse.com/1224743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35805"
},
{
"cve": "CVE-2024-35806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Always disable interrupts when taking cgr_lock\n\nsmp_call_function_single disables IRQs when executing the callback. To\nprevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.\nThis is already done by qman_update_cgr and qman_delete_cgr; fix the\nother lockers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35806",
"url": "https://www.suse.com/security/cve/CVE-2024-35806"
},
{
"category": "external",
"summary": "SUSE Bug 1224699 for CVE-2024-35806",
"url": "https://bugzilla.suse.com/1224699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35806"
},
{
"cve": "CVE-2024-35819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Use raw spinlock for cgr_lock\n\nsmp_call_function always runs its callback in hard IRQ context, even on\nPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock\nfor cgr_lock to ensure we aren\u0027t waiting on a sleeping task.\n\nAlthough this bug has existed for a while, it was not apparent until\ncommit ef2a8d5478b9 (\"net: dpaa: Adjust queue depth on rate change\")\nwhich invokes smp_call_function_single via qman_update_cgr_safe every\ntime a link goes up or down.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35819",
"url": "https://www.suse.com/security/cve/CVE-2024-35819"
},
{
"category": "external",
"summary": "SUSE Bug 1224683 for CVE-2024-35819",
"url": "https://bugzilla.suse.com/1224683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35819"
},
{
"cve": "CVE-2024-35828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()\n\nIn the for statement of lbs_allocate_cmd_buffer(), if the allocation of\ncmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to\nbe freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35828",
"url": "https://www.suse.com/security/cve/CVE-2024-35828"
},
{
"category": "external",
"summary": "SUSE Bug 1224622 for CVE-2024-35828",
"url": "https://bugzilla.suse.com/1224622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35828"
},
{
"cve": "CVE-2024-35837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35837",
"url": "https://www.suse.com/security/cve/CVE-2024-35837"
},
{
"category": "external",
"summary": "SUSE Bug 1224500 for CVE-2024-35837",
"url": "https://bugzilla.suse.com/1224500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35837"
},
{
"cve": "CVE-2024-35887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix use-after-free bugs caused by ax25_ds_del_timer\n\nWhen the ax25 device is detaching, the ax25_dev_device_down()\ncalls ax25_ds_del_timer() to cleanup the slave_timer. When\nthe timer handler is running, the ax25_ds_del_timer() that\ncalls del_timer() in it will return directly. As a result,\nthe use-after-free bugs could happen, one of the scenarios\nis shown below:\n\n (Thread 1) | (Thread 2)\n | ax25_ds_timeout()\nax25_dev_device_down() |\n ax25_ds_del_timer() |\n del_timer() |\n ax25_dev_put() //FREE |\n | ax25_dev-\u003e //USE\n\nIn order to mitigate bugs, when the device is detaching, use\ntimer_shutdown_sync() to stop the timer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35887",
"url": "https://www.suse.com/security/cve/CVE-2024-35887"
},
{
"category": "external",
"summary": "SUSE Bug 1224663 for CVE-2024-35887",
"url": "https://bugzilla.suse.com/1224663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35887"
},
{
"cve": "CVE-2024-35893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbmod: prevent kernel-infoleak\n\nsyzbot found that tcf_skbmod_dump() was copying four bytes\nfrom kernel stack to user space [1].\n\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\n\nWe need to clear the structure before filling fields.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n simple_copy_to_iter net/core/datagram.c:532 [inline]\n __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline]\n netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242\n __do_sys_recvfrom net/socket.c:2260 [inline]\n __se_sys_recvfrom net/socket.c:2256 [inline]\n __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253\n netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317\n netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351\n nlmsg_unicast include/net/netlink.h:1144 [inline]\n nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610\n rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741\n rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline]\n tcf_add_notify net/sched/act_api.c:2048 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559\n rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was stored to memory at:\n __nla_put lib/nlattr.c:1041 [inline]\n nla_put+0x1c6/0x230 lib/nlattr.c:1099\n tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256\n tcf_action_dump_old net/sched/act_api.c:1191 [inline]\n tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227\n tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251\n tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628\n tcf_add_notify_msg net/sched/act_api.c:2023 [inline]\n tcf_add_notify net/sched/act_api.c:2042 [inline]\n tcf_action_add net/sched/act_api.c:2071 [inline]\n tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119\n rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netli\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35893",
"url": "https://www.suse.com/security/cve/CVE-2024-35893"
},
{
"category": "external",
"summary": "SUSE Bug 1224512 for CVE-2024-35893",
"url": "https://bugzilla.suse.com/1224512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35893"
},
{
"cve": "CVE-2024-35934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()\n\nMany syzbot reports show extreme rtnl pressure, and many of them hint\nthat smc acquires rtnl in netns creation for no good reason [1]\n\nThis patch returns early from smc_pnet_net_init()\nif there is no netdevice yet.\n\nI am not even sure why smc_pnet_create_pnetids_list() even exists,\nbecause smc_pnet_netdev_event() is also calling\nsmc_pnet_add_base_pnetid() when handling NETDEV_UP event.\n\n[1] extract of typical syzbot reports\n\n2 locks held by syz-executor.3/12252:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12253:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12257:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12261:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.0/12265:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.3/12268:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.4/12271:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.1/12274:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878\n2 locks held by syz-executor.2/12280:\n #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]\n #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35934",
"url": "https://www.suse.com/security/cve/CVE-2024-35934"
},
{
"category": "external",
"summary": "SUSE Bug 1224641 for CVE-2024-35934",
"url": "https://bugzilla.suse.com/1224641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-35934"
},
{
"cve": "CVE-2024-35947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndyndbg: fix old BUG_ON in \u003econtrol parser\n\nFix a BUG_ON from 2009. Even if it looks \"unreachable\" (I didn\u0027t\nreally look), lets make sure by removing it, doing pr_err and return\n-EINVAL instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35947",
"url": "https://www.suse.com/security/cve/CVE-2024-35947"
},
{
"category": "external",
"summary": "SUSE Bug 1224647 for CVE-2024-35947",
"url": "https://bugzilla.suse.com/1224647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35947"
},
{
"cve": "CVE-2024-35949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35949",
"url": "https://www.suse.com/security/cve/CVE-2024-35949"
},
{
"category": "external",
"summary": "SUSE Bug 1224700 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "external",
"summary": "SUSE Bug 1229273 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1229273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35949"
},
{
"cve": "CVE-2024-35966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35966",
"url": "https://www.suse.com/security/cve/CVE-2024-35966"
},
{
"category": "external",
"summary": "SUSE Bug 1224576 for CVE-2024-35966",
"url": "https://bugzilla.suse.com/1224576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35966"
},
{
"cve": "CVE-2024-35967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix not validating setsockopt user input\n\nsyzbot reported sco_sock_setsockopt() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90\nnet/bluetooth/sco.c:893\nRead of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35967",
"url": "https://www.suse.com/security/cve/CVE-2024-35967"
},
{
"category": "external",
"summary": "SUSE Bug 1224587 for CVE-2024-35967",
"url": "https://bugzilla.suse.com/1224587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35967"
},
{
"cve": "CVE-2024-35978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix memory leak in hci_req_sync_complete()\n\nIn \u0027hci_req_sync_complete()\u0027, always free the previous sync\nrequest state before assigning reference to a new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35978",
"url": "https://www.suse.com/security/cve/CVE-2024-35978"
},
{
"category": "external",
"summary": "SUSE Bug 1224571 for CVE-2024-35978",
"url": "https://bugzilla.suse.com/1224571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35978"
},
{
"cve": "CVE-2024-35995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n dump_backtrace+0x0/0x1e0\n show_stack+0x24/0x30\n dump_stack_lvl+0x8c/0xb8\n dump_stack+0x18/0x34\n panic+0x16c/0x384\n add_taint+0x0/0xc0\n arm64_serror_panic+0x7c/0x90\n arm64_is_fatal_ras_serror+0x34/0xa4\n do_serror+0x50/0x6c\n el1h_64_error_handler+0x40/0x74\n el1h_64_error+0x7c/0x80\n cppc_get_perf_caps+0xec/0x410\n cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n cpufreq_online+0x2dc/0xa30\n cpufreq_add_dev+0xc0/0xd4\n subsys_interface_register+0x134/0x14c\n cpufreq_register_driver+0x1b0/0x354\n cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n do_one_initcall+0x50/0x250\n do_init_module+0x60/0x27c\n load_module+0x2300/0x2570\n __do_sys_finit_module+0xa8/0x114\n __arm64_sys_finit_module+0x2c/0x3c\n invoke_syscall+0x78/0x100\n el0_svc_common.constprop.0+0x180/0x1a0\n do_el0_svc+0x84/0xa0\n el0_svc+0x2c/0xc0\n el0t_64_sync_handler+0xa4/0x12c\n el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35995",
"url": "https://www.suse.com/security/cve/CVE-2024-35995"
},
{
"category": "external",
"summary": "SUSE Bug 1224557 for CVE-2024-35995",
"url": "https://bugzilla.suse.com/1224557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-35995"
},
{
"cve": "CVE-2024-36004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not use WQ_MEM_RECLAIM flag for workqueue\n\nIssue reported by customer during SRIOV testing, call trace:\nWhen both i40e and the i40iw driver are loaded, a warning\nin check_flush_dependency is being triggered. This seems\nto be because of the i40e driver workqueue is allocated with\nthe WQ_MEM_RECLAIM flag, and the i40iw one is not.\n\nSimilar error was encountered on ice too and it was fixed by\nremoving the flag. Do the same for i40e too.\n\n[Feb 9 09:08] ------------[ cut here ]------------\n[ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is\nflushing !WQ_MEM_RECLAIM infiniband:0x0\n[ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966\ncheck_flush_dependency+0x10b/0x120\n[ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq\nsnd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4\nnls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr\nrfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma\nintel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif\nisst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal\nintel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core\niTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore\nioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich\nintel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad\nxfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe\ndrm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel\nlibata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror\ndm_region_hash dm_log dm_mod fuse\n[ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not\ntainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1\n[ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS\nSE5C620.86B.02.01.0013.121520200651 12/15/2020\n[ +0.000001] Workqueue: i40e i40e_service_task [i40e]\n[ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120\n[ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48\n81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd\nff \u003c0f\u003e 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90\n[ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282\n[ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX:\n0000000000000027\n[ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI:\nffff94d47f620bc0\n[ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09:\n00000000ffff7fff\n[ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12:\nffff94c5451ea180\n[ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15:\nffff94c5f1330ab0\n[ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000)\nknlGS:0000000000000000\n[ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4:\n00000000007706f0\n[ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \u003cTASK\u003e\n[ +0.000002] ? __warn+0x80/0x130\n[ +0.000003] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] ? report_bug+0x195/0x1a0\n[ +0.000005] ? handle_bug+0x3c/0x70\n[ +0.000003] ? exc_invalid_op+0x14/0x70\n[ +0.000002] ? asm_exc_invalid_op+0x16/0x20\n[ +0.000006] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] ? check_flush_dependency+0x10b/0x120\n[ +0.000002] __flush_workqueue+0x126/0x3f0\n[ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core]\n[ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core]\n[ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core]\n[ +0.000020] i40iw_close+0x4b/0x90 [irdma]\n[ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e]\n[ +0.000035] i40e_service_task+0x126/0x190 [i40e]\n[ +0.000024] process_one_work+0x174/0x340\n[ +0.000003] worker_th\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36004",
"url": "https://www.suse.com/security/cve/CVE-2024-36004"
},
{
"category": "external",
"summary": "SUSE Bug 1224545 for CVE-2024-36004",
"url": "https://bugzilla.suse.com/1224545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36004"
},
{
"cve": "CVE-2024-36014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36014",
"url": "https://www.suse.com/security/cve/CVE-2024-36014"
},
{
"category": "external",
"summary": "SUSE Bug 1225593 for CVE-2024-36014",
"url": "https://bugzilla.suse.com/1225593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36014"
},
{
"cve": "CVE-2024-36288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36288",
"url": "https://www.suse.com/security/cve/CVE-2024-36288"
},
{
"category": "external",
"summary": "SUSE Bug 1226834 for CVE-2024-36288",
"url": "https://bugzilla.suse.com/1226834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-36592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36592"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36592",
"url": "https://www.suse.com/security/cve/CVE-2024-36592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-36592"
},
{
"cve": "CVE-2024-36901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent NULL dereference in ip6_output()\n\nAccording to syzbot, there is a chance that ip6_dst_idev()\nreturns NULL in ip6_output(). Most places in IPv6 stack\ndeal with a NULL idev just fine, but not here.\n\nsyzbot reported:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237\nCode: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 \u003c42\u003e 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff\nRSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000\nRDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48\nRBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad\nR10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0\nR13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000\nFS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358\n sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248\n sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653\n sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783\n sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]\n sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169\n sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73\n __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36901",
"url": "https://www.suse.com/security/cve/CVE-2024-36901"
},
{
"category": "external",
"summary": "SUSE Bug 1225711 for CVE-2024-36901",
"url": "https://bugzilla.suse.com/1225711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36901"
},
{
"cve": "CVE-2024-36902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()\n\nsyzbot is able to trigger the following crash [1],\ncaused by unsafe ip6_dst_idev() use.\n\nIndeed ip6_dst_idev() can return NULL, and must always be checked.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]\n RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267\nCode: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 \u003c42\u003e 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c\nRSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700\nRDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760\nRBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd\nR10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000\nR13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00\nFS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317\n fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108\n ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]\n ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120\n ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250\n sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326\n sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455\n sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662\n sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099\n __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36902",
"url": "https://www.suse.com/security/cve/CVE-2024-36902"
},
{
"category": "external",
"summary": "SUSE Bug 1225719 for CVE-2024-36902",
"url": "https://bugzilla.suse.com/1225719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36902"
},
{
"cve": "CVE-2024-36919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won\u0027t be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 \u003c0f\u003e 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36919",
"url": "https://www.suse.com/security/cve/CVE-2024-36919"
},
{
"category": "external",
"summary": "SUSE Bug 1225767 for CVE-2024-36919",
"url": "https://bugzilla.suse.com/1225767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36919"
},
{
"cve": "CVE-2024-36924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36924",
"url": "https://www.suse.com/security/cve/CVE-2024-36924"
},
{
"category": "external",
"summary": "SUSE Bug 1225820 for CVE-2024-36924",
"url": "https://bugzilla.suse.com/1225820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36924"
},
{
"cve": "CVE-2024-36939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36939",
"url": "https://www.suse.com/security/cve/CVE-2024-36939"
},
{
"category": "external",
"summary": "SUSE Bug 1225838 for CVE-2024-36939",
"url": "https://bugzilla.suse.com/1225838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36941",
"url": "https://www.suse.com/security/cve/CVE-2024-36941"
},
{
"category": "external",
"summary": "SUSE Bug 1225835 for CVE-2024-36941",
"url": "https://bugzilla.suse.com/1225835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36941"
},
{
"cve": "CVE-2024-36952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move NPIV\u0027s transport unregistration to after resource clean up\n\nThere are cases after NPIV deletion where the fabric switch still believes\nthe NPIV is logged into the fabric. This occurs when a vport is\nunregistered before the Remove All DA_ID CT and LOGO ELS are sent to the\nfabric.\n\nCurrently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including\nthe fabric D_ID, removes the last ndlp reference and frees the ndlp rport\nobject. This sometimes causes the race condition where the final DA_ID and\nLOGO are skipped from being sent to the fabric switch.\n\nFix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID\nand LOGO are sent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36952",
"url": "https://www.suse.com/security/cve/CVE-2024-36952"
},
{
"category": "external",
"summary": "SUSE Bug 1225898 for CVE-2024-36952",
"url": "https://bugzilla.suse.com/1225898"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-36952"
},
{
"cve": "CVE-2024-38558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix overwriting ct original tuple for ICMPv6\n\nOVS_PACKET_CMD_EXECUTE has 3 main attributes:\n - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.\n - OVS_PACKET_ATTR_PACKET - Binary packet content.\n - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.\n\nOVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure\nwith the metadata like conntrack state, input port, recirculation id,\netc. Then the packet itself gets parsed to populate the rest of the\nkeys from the packet headers.\n\nWhenever the packet parsing code starts parsing the ICMPv6 header, it\nfirst zeroes out fields in the key corresponding to Neighbor Discovery\ninformation even if it is not an ND packet.\n\nIt is an \u0027ipv6.nd\u0027 field. However, the \u0027ipv6\u0027 is a union that shares\nthe space between \u0027nd\u0027 and \u0027ct_orig\u0027 that holds the original tuple\nconntrack metadata parsed from the OVS_PACKET_ATTR_KEY.\n\nND packets should not normally have conntrack state, so it\u0027s fine to\nshare the space, but normal ICMPv6 Echo packets or maybe other types of\nICMPv6 can have the state attached and it should not be overwritten.\n\nThe issue results in all but the last 4 bytes of the destination\naddress being wiped from the original conntrack tuple leading to\nincorrect packet matching and potentially executing wrong actions\nin case this packet recirculates within the datapath or goes back\nto userspace.\n\nND fields should not be accessed in non-ND packets, so not clearing\nthem should be fine. Executing memset() only for actual ND packets to\navoid the issue.\n\nInitializing the whole thing before parsing is needed because ND packet\nmay not contain all the options.\n\nThe issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn\u0027t\naffect packets entering OVS datapath from network interfaces, because\nin this case CT metadata is populated from skb after the packet is\nalready parsed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38558",
"url": "https://www.suse.com/security/cve/CVE-2024-38558"
},
{
"category": "external",
"summary": "SUSE Bug 1226783 for CVE-2024-38558",
"url": "https://bugzilla.suse.com/1226783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-38558"
},
{
"cve": "CVE-2024-38560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul instead\nof memdup_user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38560",
"url": "https://www.suse.com/security/cve/CVE-2024-38560"
},
{
"category": "external",
"summary": "SUSE Bug 1226786 for CVE-2024-38560",
"url": "https://bugzilla.suse.com/1226786"
},
{
"category": "external",
"summary": "SUSE Bug 1227319 for CVE-2024-38560",
"url": "https://bugzilla.suse.com/1227319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-38560"
},
{
"cve": "CVE-2024-38598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38598"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n \u003cTASK\u003e\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev-\u003eresync_min\n while (j \u003c max_sectors)\n sectors = raid10_sync_request(mddev, j, \u0026skipped)\n if (!md_bitmap_start_sync(..., \u0026sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn\u0027t match array size still need to be fixed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38598",
"url": "https://www.suse.com/security/cve/CVE-2024-38598"
},
{
"category": "external",
"summary": "SUSE Bug 1226757 for CVE-2024-38598",
"url": "https://bugzilla.suse.com/1226757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-38598"
},
{
"cve": "CVE-2024-38619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Check whether the media is initialized\n\nThe member \"uzonesize\" of struct alauda_info will remain 0\nif alauda_init_media() fails, potentially causing divide errors\nin alauda_read_data() and alauda_write_lba().\n- Add a member \"media_initialized\" to struct alauda_info.\n- Change a condition in alauda_check_media() to ensure the\n first initialization.\n- Add an error check for the return value of alauda_init_media().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38619",
"url": "https://www.suse.com/security/cve/CVE-2024-38619"
},
{
"category": "external",
"summary": "SUSE Bug 1226861 for CVE-2024-38619",
"url": "https://bugzilla.suse.com/1226861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-38619"
},
{
"cve": "CVE-2024-38630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38630",
"url": "https://www.suse.com/security/cve/CVE-2024-38630"
},
{
"category": "external",
"summary": "SUSE Bug 1226908 for CVE-2024-38630",
"url": "https://bugzilla.suse.com/1226908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-38630"
},
{
"cve": "CVE-2024-39301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req-\u003erc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as \u0027tag\u0027 and (just in case KMSAN unearths something new) \u0027id\u0027\nduring the tag allocation stage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39301",
"url": "https://www.suse.com/security/cve/CVE-2024-39301"
},
{
"category": "external",
"summary": "SUSE Bug 1226994 for CVE-2024-39301",
"url": "https://bugzilla.suse.com/1226994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39301"
},
{
"cve": "CVE-2024-39475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn\u0027t handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39475",
"url": "https://www.suse.com/security/cve/CVE-2024-39475"
},
{
"category": "external",
"summary": "SUSE Bug 1227435 for CVE-2024-39475",
"url": "https://bugzilla.suse.com/1227435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39475"
},
{
"cve": "CVE-2024-39487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval-\u003estring is an\nempty string, newval-\u003estring+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39487",
"url": "https://www.suse.com/security/cve/CVE-2024-39487"
},
{
"category": "external",
"summary": "SUSE Bug 1227573 for CVE-2024-39487",
"url": "https://bugzilla.suse.com/1227573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39487"
},
{
"cve": "CVE-2024-39488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes\nto bug_table entries, and as a result the last entry in a bug table will\nbe ignored, potentially leading to an unexpected panic(). All prior\nentries in the table will be handled correctly.\n\nThe arm64 ABI requires that struct fields of up to 8 bytes are\nnaturally-aligned, with padding added within a struct such that struct\nare suitably aligned within arrays.\n\nWhen CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tsigned int file_disp;\t// 4 bytes\n\t\tunsigned short line;\t\t// 2 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t}\n\n... with 12 bytes total, requiring 4-byte alignment.\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t\t\u003c implicit padding \u003e\t\t// 2 bytes\n\t}\n\n... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing\npadding, requiring 4-byte alginment.\n\nWhen we create a bug_entry in assembly, we align the start of the entry\nto 4 bytes, which implicitly handles padding for any prior entries.\nHowever, we do not align the end of the entry, and so when\nCONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding\nbytes.\n\nFor the main kernel image this is not a problem as find_bug() doesn\u0027t\ndepend on the trailing padding bytes when searching for entries:\n\n\tfor (bug = __start___bug_table; bug \u003c __stop___bug_table; ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\treturn bug;\n\nHowever for modules, module_bug_finalize() depends on the trailing\nbytes when calculating the number of entries:\n\n\tmod-\u003enum_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);\n\n... and as the last bug_entry lacks the necessary padding bytes, this entry\nwill not be counted, e.g. in the case of a single entry:\n\n\tsechdrs[i].sh_size == 6\n\tsizeof(struct bug_entry) == 8;\n\n\tsechdrs[i].sh_size / sizeof(struct bug_entry) == 0;\n\nConsequently module_find_bug() will miss the last bug_entry when it does:\n\n\tfor (i = 0; i \u003c mod-\u003enum_bugs; ++i, ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\tgoto out;\n\n... which can lead to a kenrel panic due to an unhandled bug.\n\nThis can be demonstrated with the following module:\n\n\tstatic int __init buginit(void)\n\t{\n\t\tWARN(1, \"hello\\n\");\n\t\treturn 0;\n\t}\n\n\tstatic void __exit bugexit(void)\n\t{\n\t}\n\n\tmodule_init(buginit);\n\tmodule_exit(bugexit);\n\tMODULE_LICENSE(\"GPL\");\n\n... which will trigger a kernel panic when loaded:\n\n\t------------[ cut here ]------------\n\thello\n\tUnexpected kernel BRK exception at EL1\n\tInternal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP\n\tModules linked in: hello(O+)\n\tCPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8\n\tHardware name: linux,dummy-virt (DT)\n\tpstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\tpc : buginit+0x18/0x1000 [hello]\n\tlr : buginit+0x18/0x1000 [hello]\n\tsp : ffff800080533ae0\n\tx29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000\n\tx26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58\n\tx23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0\n\tx20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006\n\tx17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720\n\tx14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312\n\tx11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8\n\tx8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000\n\tx5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000\n\tx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0\n\tCall trace:\n\t buginit+0x18/0x1000 [hello]\n\t do_one_initcall+0x80/0x1c8\n\t do_init_module+0x60/0x218\n\t load_module+0x1ba4/0x1d70\n\t __do_sys_init_module+0x198/0x1d0\n\t __arm64_sys_init_module+0x1c/0x28\n\t invoke_syscall+0x48/0x114\n\t el0_svc\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39488",
"url": "https://www.suse.com/security/cve/CVE-2024-39488"
},
{
"category": "external",
"summary": "SUSE Bug 1227618 for CVE-2024-39488",
"url": "https://bugzilla.suse.com/1227618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39488"
},
{
"cve": "CVE-2024-39490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix missing sk_buff release in seg6_input_core\n\nThe seg6_input() function is responsible for adding the SRH into a\npacket, delegating the operation to the seg6_input_core(). This function\nuses the skb_cow_head() to ensure that there is sufficient headroom in\nthe sk_buff for accommodating the link-layer header.\nIn the event that the skb_cow_header() function fails, the\nseg6_input_core() catches the error but it does not release the sk_buff,\nwhich will result in a memory leak.\n\nThis issue was introduced in commit af3b5158b89d (\"ipv6: sr: fix BUG due\nto headroom too small after SRH push\") and persists even after commit\n7a3f5b0de364 (\"netfilter: add netfilter hooks to SRv6 data plane\"),\nwhere the entire seg6_input() code was refactored to deal with netfilter\nhooks.\n\nThe proposed patch addresses the identified memory leak by requiring the\nseg6_input_core() function to release the sk_buff in the event that\nskb_cow_head() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39490",
"url": "https://www.suse.com/security/cve/CVE-2024-39490"
},
{
"category": "external",
"summary": "SUSE Bug 1227626 for CVE-2024-39490",
"url": "https://bugzilla.suse.com/1227626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-39490"
},
{
"cve": "CVE-2024-39494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39494",
"url": "https://www.suse.com/security/cve/CVE-2024-39494"
},
{
"category": "external",
"summary": "SUSE Bug 1227716 for CVE-2024-39494",
"url": "https://bugzilla.suse.com/1227716"
},
{
"category": "external",
"summary": "SUSE Bug 1227901 for CVE-2024-39494",
"url": "https://bugzilla.suse.com/1227901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-39494"
},
{
"cve": "CVE-2024-39499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg-\u003eevent_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39499",
"url": "https://www.suse.com/security/cve/CVE-2024-39499"
},
{
"category": "external",
"summary": "SUSE Bug 1227725 for CVE-2024-39499",
"url": "https://bugzilla.suse.com/1227725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39499"
},
{
"cve": "CVE-2024-39501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: core: synchronize really_probe() and dev_uevent()\n\nSynchronize the dev-\u003edriver usage in really_probe() and dev_uevent().\nThese can run in different threads, what can result in the following\nrace condition for dev-\u003edriver uninitialization:\n\nThread #1:\n==========\n\nreally_probe() {\n...\nprobe_failed:\n...\ndevice_unbind_cleanup(dev) {\n ...\n dev-\u003edriver = NULL; // \u003c= Failed probe sets dev-\u003edriver to NULL\n ...\n }\n...\n}\n\nThread #2:\n==========\n\ndev_uevent() {\n...\nif (dev-\u003edriver)\n // If dev-\u003edriver is NULLed from really_probe() from here on,\n // after above check, the system crashes\n add_uevent_var(env, \"DRIVER=%s\", dev-\u003edriver-\u003ename);\n...\n}\n\nreally_probe() holds the lock, already. So nothing needs to be done\nthere. dev_uevent() is called with lock held, often, too. But not\nalways. What implies that we can\u0027t add any locking in dev_uevent()\nitself. So fix this race by adding the lock to the non-protected\npath. This is the path where above race is observed:\n\n dev_uevent+0x235/0x380\n uevent_show+0x10c/0x1f0 \u003c= Add lock here\n dev_attr_show+0x3a/0xa0\n sysfs_kf_seq_show+0x17c/0x250\n kernfs_seq_show+0x7c/0x90\n seq_read_iter+0x2d7/0x940\n kernfs_fop_read_iter+0xc6/0x310\n vfs_read+0x5bc/0x6b0\n ksys_read+0xeb/0x1b0\n __x64_sys_read+0x42/0x50\n x64_sys_call+0x27ad/0x2d30\n do_syscall_64+0xcd/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nSimilar cases are reported by syzkaller in\n\nhttps://syzkaller.appspot.com/bug?extid=ffa8143439596313a85a\n\nBut these are regarding the *initialization* of dev-\u003edriver\n\ndev-\u003edriver = drv;\n\nAs this switches dev-\u003edriver to non-NULL these reports can be considered\nto be false-positives (which should be \"fixed\" by this commit, as well,\nthough).\n\nThe same issue was reported and tried to be fixed back in 2015 in\n\nhttps://lore.kernel.org/lkml/1421259054-2574-1-git-send-email-a.sangwan@samsung.com/\n\nalready.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39501",
"url": "https://www.suse.com/security/cve/CVE-2024-39501"
},
{
"category": "external",
"summary": "SUSE Bug 1227754 for CVE-2024-39501",
"url": "https://bugzilla.suse.com/1227754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39501"
},
{
"cve": "CVE-2024-39506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info-\u003epage is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t -\u003edisp_fn(rdisp-\u003erinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info-\u003epage to NULL.\nSo this check looks unneeded and doesn\u0027t solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can\u0027t do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39506",
"url": "https://www.suse.com/security/cve/CVE-2024-39506"
},
{
"category": "external",
"summary": "SUSE Bug 1227729 for CVE-2024-39506",
"url": "https://bugzilla.suse.com/1227729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39506"
},
{
"cve": "CVE-2024-39507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39507"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash problem in concurrent scenario\n\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\n\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39507",
"url": "https://www.suse.com/security/cve/CVE-2024-39507"
},
{
"category": "external",
"summary": "SUSE Bug 1227730 for CVE-2024-39507",
"url": "https://bugzilla.suse.com/1227730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39507"
},
{
"cve": "CVE-2024-39509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39509"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: remove unnecessary WARN_ON() in implement()\n\nSyzkaller hit a warning [1] in a call to implement() when trying\nto write a value into a field of smaller size in an output report.\n\nSince implement() already has a warn message printed out with the\nhelp of hid_warn() and value in question gets trimmed with:\n\t...\n\tvalue \u0026= m;\n\t...\nWARN_ON may be considered superfluous. Remove it to suppress future\nsyzkaller triggers.\n\n[1]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\nModules linked in:\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\n...\nCall Trace:\n \u003cTASK\u003e\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39509",
"url": "https://www.suse.com/security/cve/CVE-2024-39509"
},
{
"category": "external",
"summary": "SUSE Bug 1227733 for CVE-2024-39509",
"url": "https://bugzilla.suse.com/1227733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-40901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\n\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\n\n\t BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\n\n\t Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\n\nFor full log, please look at [1].\n\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40901",
"url": "https://www.suse.com/security/cve/CVE-2024-40901"
},
{
"category": "external",
"summary": "SUSE Bug 1227762 for CVE-2024-40901",
"url": "https://bugzilla.suse.com/1227762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40901"
},
{
"cve": "CVE-2024-40904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver\u0027s immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [\u003cffff800080020de8\u003e] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40904",
"url": "https://www.suse.com/security/cve/CVE-2024-40904"
},
{
"category": "external",
"summary": "SUSE Bug 1227772 for CVE-2024-40904",
"url": "https://bugzilla.suse.com/1227772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40904"
},
{
"cve": "CVE-2024-40912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta-\u003eps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta-\u003eps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40912",
"url": "https://www.suse.com/security/cve/CVE-2024-40912"
},
{
"category": "external",
"summary": "SUSE Bug 1227790 for CVE-2024-40912",
"url": "https://bugzilla.suse.com/1227790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: disable rx data ring on dma allocation failure\n\nWhen vmxnet3_rq_create() fails to allocate memory for rq-\u003edata_ring.base,\nthe subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset\nrq-\u003edata_ring.desc_size for the data ring that failed, which presumably\ncauses the hypervisor to reference it on packet reception.\n\nTo fix this bug, rq-\u003edata_ring.desc_size needs to be set to 0 to tell\nthe hypervisor to disable this feature.\n\n[ 95.436876] kernel BUG at net/core/skbuff.c:207!\n[ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1\n[ 95.441558] Hardware name: VMware, Inc. VMware Virtual\nPlatform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018\n[ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f\n[ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50\nff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9\nff \u003c0f\u003e 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24\n[ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246\n[ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f\n[ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f\n[ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60\n[ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000\n[ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0\n[ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000\n[ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0\n[ 95.459791] Call Trace:\n[ 95.460515] \u003cIRQ\u003e\n[ 95.461180] ? __die_body.cold+0x19/0x27\n[ 95.462150] ? die+0x2e/0x50\n[ 95.462976] ? do_trap+0xca/0x110\n[ 95.463973] ? do_error_trap+0x6a/0x90\n[ 95.464966] ? skb_panic+0x4d/0x4f\n[ 95.465901] ? exc_invalid_op+0x50/0x70\n[ 95.466849] ? skb_panic+0x4d/0x4f\n[ 95.467718] ? asm_exc_invalid_op+0x1a/0x20\n[ 95.468758] ? skb_panic+0x4d/0x4f\n[ 95.469655] skb_put.cold+0x10/0x10\n[ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]\n[ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]\n[ 95.473185] __napi_poll+0x2b/0x160\n[ 95.474145] net_rx_action+0x2c6/0x3b0\n[ 95.475115] handle_softirqs+0xe7/0x2a0\n[ 95.476122] __irq_exit_rcu+0x97/0xb0\n[ 95.477109] common_interrupt+0x85/0xa0\n[ 95.478102] \u003c/IRQ\u003e\n[ 95.478846] \u003cTASK\u003e\n[ 95.479603] asm_common_interrupt+0x26/0x40\n[ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20\n[ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 \u003ce9\u003e 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90\n[ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246\n[ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000\n[ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001\n[ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3\n[ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260\n[ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000\n[ 95.495035] acpi_safe_halt+0x14/0x20\n[ 95.496127] acpi_idle_do_entry+0x2f/0x50\n[ 95.497221] acpi_idle_enter+0x7f/0xd0\n[ 95.498272] cpuidle_enter_state+0x81/0x420\n[ 95.499375] cpuidle_enter+0x2d/0x40\n[ 95.500400] do_idle+0x1e5/0x240\n[ 95.501385] cpu_startup_entry+0x29/0x30\n[ 95.502422] start_secondary+0x11c/0x140\n[ 95.503454] common_startup_64+0x13e/0x141\n[ 95.504466] \u003c/TASK\u003e\n[ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4\nnft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40923",
"url": "https://www.suse.com/security/cve/CVE-2024-40923"
},
{
"category": "external",
"summary": "SUSE Bug 1227786 for CVE-2024-40923",
"url": "https://bugzilla.suse.com/1227786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40923"
},
{
"cve": "CVE-2024-40929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40929",
"url": "https://www.suse.com/security/cve/CVE-2024-40929"
},
{
"category": "external",
"summary": "SUSE Bug 1227774 for CVE-2024-40929",
"url": "https://bugzilla.suse.com/1227774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40929"
},
{
"cve": "CVE-2024-40932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40932",
"url": "https://www.suse.com/security/cve/CVE-2024-40932"
},
{
"category": "external",
"summary": "SUSE Bug 1227828 for CVE-2024-40932",
"url": "https://bugzilla.suse.com/1227828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40932"
},
{
"cve": "CVE-2024-40937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Clear napi-\u003eskb before dev_kfree_skb_any()\n\ngve_rx_free_skb incorrectly leaves napi-\u003eskb referencing an skb after it\nis freed with dev_kfree_skb_any(). This can result in a subsequent call\nto napi_get_frags returning a dangling pointer.\n\nFix this by clearing napi-\u003eskb before the skb is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40937",
"url": "https://www.suse.com/security/cve/CVE-2024-40937"
},
{
"category": "external",
"summary": "SUSE Bug 1227836 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227836"
},
{
"category": "external",
"summary": "SUSE Bug 1227903 for CVE-2024-40937",
"url": "https://bugzilla.suse.com/1227903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-40937"
},
{
"cve": "CVE-2024-40941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won\u0027t see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40941",
"url": "https://www.suse.com/security/cve/CVE-2024-40941"
},
{
"category": "external",
"summary": "SUSE Bug 1227771 for CVE-2024-40941",
"url": "https://bugzilla.suse.com/1227771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40942"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....\u003e...........\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6\u0027.......Xy.....\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40942",
"url": "https://www.suse.com/security/cve/CVE-2024-40942"
},
{
"category": "external",
"summary": "SUSE Bug 1227770 for CVE-2024-40942",
"url": "https://bugzilla.suse.com/1227770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40943",
"url": "https://www.suse.com/security/cve/CVE-2024-40943"
},
{
"category": "external",
"summary": "SUSE Bug 1227849 for CVE-2024-40943",
"url": "https://bugzilla.suse.com/1227849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40943"
},
{
"cve": "CVE-2024-40953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n\nUse {READ,WRITE}_ONCE() to access kvm-\u003elast_boosted_vcpu to ensure the\nloads and stores are atomic. In the extremely unlikely scenario the\ncompiler tears the stores, it\u0027s theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\n\n CPU0 CPU1\n last_boosted_vcpu = 0xff;\n\n (last_boosted_vcpu = 0x100)\n last_boosted_vcpu[15:8] = 0x01;\n i = (last_boosted_vcpu = 0x1ff)\n last_boosted_vcpu[7:0] = 0x00;\n\n vcpu = kvm-\u003evcpu_array[0x1ff];\n\nAs detected by KCSAN:\n\n BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\n\n write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\n kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\n handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t arch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n __x64_sys_ioctl (fs/ioctl.c:890)\n x64_sys_call (arch/x86/entry/syscall_64.c:33)\n do_syscall_64 (arch/x86/entry/common.c:?)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\n kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\n handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t\tarch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n __x64_sys_ioctl (fs/ioctl.c:890)\n x64_sys_call (arch/x86/entry/syscall_64.c:33)\n do_syscall_64 (arch/x86/entry/common.c:?)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n value changed: 0x00000012 -\u003e 0x00000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40953",
"url": "https://www.suse.com/security/cve/CVE-2024-40953"
},
{
"category": "external",
"summary": "SUSE Bug 1227806 for CVE-2024-40953",
"url": "https://bugzilla.suse.com/1227806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40953"
},
{
"cve": "CVE-2024-40959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()\n\nip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: wg-kex-wg1 wg_packet_handshake_send_worker\n RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64\nCode: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00\nRSP: 0018:ffffc90000117378 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7\nRDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98\nRBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000\nR10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline]\n xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline]\n xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541\n xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835\n xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline]\n xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201\n xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline]\n xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309\n ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256\n send6+0x611/0xd20 drivers/net/wireguard/socket.c:139\n wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178\n wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200\n wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40\n wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40959",
"url": "https://www.suse.com/security/cve/CVE-2024-40959"
},
{
"category": "external",
"summary": "SUSE Bug 1227884 for CVE-2024-40959",
"url": "https://bugzilla.suse.com/1227884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: add the option to have a tty reject a new ldisc\n\n... and use it to limit the virtual terminals to just N_TTY. They are\nkind of special, and in particular, the \"con_write()\" routine violates\nthe \"writes cannot sleep\" rule that some ldiscs rely on.\n\nThis avoids the\n\n BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659\n\nwhen N_GSM has been attached to a virtual console, and gsmld_write()\ncalls con_write() while holding a spinlock, and con_write() then tries\nto get the console lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40966",
"url": "https://www.suse.com/security/cve/CVE-2024-40966"
},
{
"category": "external",
"summary": "SUSE Bug 1227886 for CVE-2024-40966",
"url": "https://bugzilla.suse.com/1227886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40966"
},
{
"cve": "CVE-2024-40967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40967",
"url": "https://www.suse.com/security/cve/CVE-2024-40967"
},
{
"category": "external",
"summary": "SUSE Bug 1227891 for CVE-2024-40967",
"url": "https://bugzilla.suse.com/1227891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40967"
},
{
"cve": "CVE-2024-40978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40978",
"url": "https://www.suse.com/security/cve/CVE-2024-40978"
},
{
"category": "external",
"summary": "SUSE Bug 1227929 for CVE-2024-40978",
"url": "https://bugzilla.suse.com/1227929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40982"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40982",
"url": "https://www.suse.com/security/cve/CVE-2024-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1227865 for CVE-2024-40982",
"url": "https://bugzilla.suse.com/1227865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40982"
},
{
"cve": "CVE-2024-40987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40987",
"url": "https://www.suse.com/security/cve/CVE-2024-40987"
},
{
"category": "external",
"summary": "SUSE Bug 1228235 for CVE-2024-40987",
"url": "https://bugzilla.suse.com/1228235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40987"
},
{
"cve": "CVE-2024-40988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40988",
"url": "https://www.suse.com/security/cve/CVE-2024-40988"
},
{
"category": "external",
"summary": "SUSE Bug 1227957 for CVE-2024-40988",
"url": "https://bugzilla.suse.com/1227957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40988"
},
{
"cve": "CVE-2024-40990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Add check for srq max_sge attribute\n\nmax_sge attribute is passed by the user, and is inserted and used\nunchecked, so verify that the value doesn\u0027t exceed maximum allowed value\nbefore using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40990",
"url": "https://www.suse.com/security/cve/CVE-2024-40990"
},
{
"category": "external",
"summary": "SUSE Bug 1227824 for CVE-2024-40990",
"url": "https://bugzilla.suse.com/1227824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40990"
},
{
"cve": "CVE-2024-40995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\u003cTASK\u003e\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40995",
"url": "https://www.suse.com/security/cve/CVE-2024-40995"
},
{
"category": "external",
"summary": "SUSE Bug 1227830 for CVE-2024-40995",
"url": "https://bugzilla.suse.com/1227830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-40998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs-\u003elock:\n\next4_fill_super\n ext4_register_sysfs\n // sysfs registered msg_ratelimit_interval_ms\n // Other processes modify rs-\u003einterval to\n // non-zero via msg_ratelimit_interval_ms\n ext4_orphan_cleanup\n ext4_msg(sb, KERN_INFO, \"Errors on filesystem, \"\n __ext4_msg\n ___ratelimit(\u0026(EXT4_SB(sb)-\u003es_msg_ratelimit_state)\n if (!rs-\u003einterval) // do nothing if interval is 0\n return 1;\n raw_spin_trylock_irqsave(\u0026rs-\u003elock, flags)\n raw_spin_trylock(lock)\n _raw_spin_trylock\n __raw_spin_trylock\n spin_acquire(\u0026lock-\u003edep_map, 0, 1, _RET_IP_)\n lock_acquire\n __lock_acquire\n register_lock_class\n assign_lock_key\n dump_stack();\n ratelimit_state_init(\u0026sbi-\u003es_msg_ratelimit_state, 5 * HZ, 10);\n raw_spin_lock_init(\u0026rs-\u003elock);\n // init rs-\u003elock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs-\u003elock, so it is possible to change rs-\u003einterval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs-\u003elock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs-\u003elock. Therefore register sysfs after all\ninitializations are complete to avoid such problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40998",
"url": "https://www.suse.com/security/cve/CVE-2024-40998"
},
{
"category": "external",
"summary": "SUSE Bug 1227866 for CVE-2024-40998",
"url": "https://bugzilla.suse.com/1227866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-40998"
},
{
"cve": "CVE-2024-40999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40999",
"url": "https://www.suse.com/security/cve/CVE-2024-40999"
},
{
"category": "external",
"summary": "SUSE Bug 1227913 for CVE-2024-40999",
"url": "https://bugzilla.suse.com/1227913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-40999"
},
{
"cve": "CVE-2024-41014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header-\u003eh_size\n 5) xlog_rec_header-\u003eh_num_logops++\n 6) Modify xlog_rec_header-\u003eh_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41014",
"url": "https://www.suse.com/security/cve/CVE-2024-41014"
},
{
"category": "external",
"summary": "SUSE Bug 1228408 for CVE-2024-41014",
"url": "https://bugzilla.suse.com/1228408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41014"
},
{
"cve": "CVE-2024-41015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don\u0027t stray beyond valid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41015",
"url": "https://www.suse.com/security/cve/CVE-2024-41015"
},
{
"category": "external",
"summary": "SUSE Bug 1228409 for CVE-2024-41015",
"url": "https://bugzilla.suse.com/1228409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-41015"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince \u0027ppp_async_encode()\u0027 assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add \u0027ppp_check_packet()\u0027 to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41044",
"url": "https://www.suse.com/security/cve/CVE-2024-41044"
},
{
"category": "external",
"summary": "SUSE Bug 1228530 for CVE-2024-41044",
"url": "https://bugzilla.suse.com/1228530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41044"
},
{
"cve": "CVE-2024-41048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Skip zero length skb in sk_msg_recvmsg\n\nWhen running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch\nplatform, the following kernel panic occurs:\n\n [...]\n Oops[#1]:\n CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18\n Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018\n ... ...\n ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560\n ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 0000000c (PPLV0 +PIE +PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n BADV: 0000000000000040\n PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)\n Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack\n Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...)\n Stack : ...\n Call Trace:\n [\u003c9000000004162774\u003e] copy_page_to_iter+0x74/0x1c0\n [\u003c90000000048bf6c0\u003e] sk_msg_recvmsg+0x120/0x560\n [\u003c90000000049f2b90\u003e] tcp_bpf_recvmsg_parser+0x170/0x4e0\n [\u003c90000000049aae34\u003e] inet_recvmsg+0x54/0x100\n [\u003c900000000481ad5c\u003e] sock_recvmsg+0x7c/0xe0\n [\u003c900000000481e1a8\u003e] __sys_recvfrom+0x108/0x1c0\n [\u003c900000000481e27c\u003e] sys_recvfrom+0x1c/0x40\n [\u003c9000000004c076ec\u003e] do_syscall+0x8c/0xc0\n [\u003c9000000003731da4\u003e] handle_syscall+0xc4/0x160\n Code: ...\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n Kernel relocated by 0x3510000\n .text @ 0x9000000003710000\n .data @ 0x9000000004d70000\n .bss @ 0x9000000006469400\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n [...]\n\nThis crash happens every time when running sockmap_skb_verdict_shutdown\nsubtest in sockmap_basic.\n\nThis crash is because a NULL pointer is passed to page_address() in the\nsk_msg_recvmsg(). Due to the different implementations depending on the\narchitecture, page_address(NULL) will trigger a panic on Loongarch\nplatform but not on x86 platform. So this bug was hidden on x86 platform\nfor a while, but now it is exposed on Loongarch platform. The root cause\nis that a zero length skb (skb-\u003elen == 0) was put on the queue.\n\nThis zero length skb is a TCP FIN packet, which was sent by shutdown(),\ninvoked in test_sockmap_skb_verdict_shutdown():\n\n\tshutdown(p1, SHUT_WR);\n\nIn this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no\npage is put to this sge (see sg_set_page in sg_set_page), but this empty\nsge is queued into ingress_msg list.\n\nAnd in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by\nsg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it\nto kmap_local_page() and to page_address(), then kernel panics.\n\nTo solve this, we should skip this zero length skb. So in sk_msg_recvmsg(),\nif copy is zero, that means it\u0027s a zero length skb, skip invoking\ncopy_page_to_iter(). We are using the EFAULT return triggered by\ncopy_page_to_iter to check for is_fin in tcp_bpf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41048",
"url": "https://www.suse.com/security/cve/CVE-2024-41048"
},
{
"category": "external",
"summary": "SUSE Bug 1228565 for CVE-2024-41048",
"url": "https://bugzilla.suse.com/1228565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41048"
},
{
"cve": "CVE-2024-41059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41059",
"url": "https://www.suse.com/security/cve/CVE-2024-41059"
},
{
"category": "external",
"summary": "SUSE Bug 1228561 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "external",
"summary": "SUSE Bug 1228573 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-41059"
},
{
"cve": "CVE-2024-41060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va-\u003ebo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va-\u003ebo, so\nwe have to check it before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41060",
"url": "https://www.suse.com/security/cve/CVE-2024-41060"
},
{
"category": "external",
"summary": "SUSE Bug 1228567 for CVE-2024-41060",
"url": "https://bugzilla.suse.com/1228567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41060"
},
{
"cve": "CVE-2024-41063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n destroy_workqueue(hdev-\u003eworkqueue);\n destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41063",
"url": "https://www.suse.com/security/cve/CVE-2024-41063"
},
{
"category": "external",
"summary": "SUSE Bug 1228580 for CVE-2024-41063",
"url": "https://bugzilla.suse.com/1228580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41063"
},
{
"cve": "CVE-2024-41064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev-\u003epdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev-\u003epdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev-\u003epdev-\u003ebus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41064",
"url": "https://www.suse.com/security/cve/CVE-2024-41064"
},
{
"category": "external",
"summary": "SUSE Bug 1228599 for CVE-2024-41064",
"url": "https://bugzilla.suse.com/1228599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41064"
},
{
"cve": "CVE-2024-41066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41066",
"url": "https://www.suse.com/security/cve/CVE-2024-41066"
},
{
"category": "external",
"summary": "SUSE Bug 1228640 for CVE-2024-41066",
"url": "https://bugzilla.suse.com/1228640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41066"
},
{
"cve": "CVE-2024-41070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()\n\nAl reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().\n\nIt looks up `stt` from tablefd, but then continues to use it after doing\nfdput() on the returned fd. After the fdput() the tablefd is free to be\nclosed by another thread. The close calls kvm_spapr_tce_release() and\nthen release_spapr_tce_table() (via call_rcu()) which frees `stt`.\n\nAlthough there are calls to rcu_read_lock() in\nkvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent\nthe UAF, because `stt` is used outside the locked regions.\n\nWith an artifcial delay after the fdput() and a userspace program which\ntriggers the race, KASAN detects the UAF:\n\n BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505\n CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1\n Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV\n Call Trace:\n dump_stack_lvl+0xb4/0x108 (unreliable)\n print_report+0x2b4/0x6ec\n kasan_report+0x118/0x2b0\n __asan_load4+0xb8/0xd0\n kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n kvm_vfio_set_attr+0x524/0xac0 [kvm]\n kvm_device_ioctl+0x144/0x240 [kvm]\n sys_ioctl+0x62c/0x1810\n system_call_exception+0x190/0x440\n system_call_vectored_common+0x15c/0x2ec\n ...\n Freed by task 0:\n ...\n kfree+0xec/0x3e0\n release_spapr_tce_table+0xd4/0x11c [kvm]\n rcu_core+0x568/0x16a0\n handle_softirqs+0x23c/0x920\n do_softirq_own_stack+0x6c/0x90\n do_softirq_own_stack+0x58/0x90\n __irq_exit_rcu+0x218/0x2d0\n irq_exit+0x30/0x80\n arch_local_irq_restore+0x128/0x230\n arch_local_irq_enable+0x1c/0x30\n cpuidle_enter_state+0x134/0x5cc\n cpuidle_enter+0x6c/0xb0\n call_cpuidle+0x7c/0x100\n do_idle+0x394/0x410\n cpu_startup_entry+0x60/0x70\n start_secondary+0x3fc/0x410\n start_secondary_prolog+0x10/0x14\n\nFix it by delaying the fdput() until `stt` is no longer in use, which\nis effectively the entire function. To keep the patch minimal add a call\nto fdput() at each of the existing return paths. Future work can convert\nthe function to goto or __cleanup style cleanup.\n\nWith the fix in place the test case no longer triggers the UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41070",
"url": "https://www.suse.com/security/cve/CVE-2024-41070"
},
{
"category": "external",
"summary": "SUSE Bug 1228581 for CVE-2024-41070",
"url": "https://bugzilla.suse.com/1228581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41070"
},
{
"cve": "CVE-2024-41071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41071"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41071",
"url": "https://www.suse.com/security/cve/CVE-2024-41071"
},
{
"category": "external",
"summary": "SUSE Bug 1228625 for CVE-2024-41071",
"url": "https://bugzilla.suse.com/1228625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41071"
},
{
"cve": "CVE-2024-41072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of\nchannels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41072",
"url": "https://www.suse.com/security/cve/CVE-2024-41072"
},
{
"category": "external",
"summary": "SUSE Bug 1228626 for CVE-2024-41072",
"url": "https://bugzilla.suse.com/1228626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41072"
},
{
"cve": "CVE-2024-41076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix memory leak in nfs4_set_security_label\n\nWe leak nfs_fattr and nfs4_label every time we set a security xattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41076",
"url": "https://www.suse.com/security/cve/CVE-2024-41076"
},
{
"category": "external",
"summary": "SUSE Bug 1228649 for CVE-2024-41076",
"url": "https://bugzilla.suse.com/1228649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-41076"
},
{
"cve": "CVE-2024-41078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41078",
"url": "https://www.suse.com/security/cve/CVE-2024-41078"
},
{
"category": "external",
"summary": "SUSE Bug 1228655 for CVE-2024-41078",
"url": "https://bugzilla.suse.com/1228655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-41078"
},
{
"cve": "CVE-2024-41081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41081",
"url": "https://www.suse.com/security/cve/CVE-2024-41081"
},
{
"category": "external",
"summary": "SUSE Bug 1228617 for CVE-2024-41081",
"url": "https://bugzilla.suse.com/1228617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41081"
},
{
"cve": "CVE-2024-41089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41089",
"url": "https://www.suse.com/security/cve/CVE-2024-41089"
},
{
"category": "external",
"summary": "SUSE Bug 1228658 for CVE-2024-41089",
"url": "https://bugzilla.suse.com/1228658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41089"
},
{
"cve": "CVE-2024-41090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tap_get_user_xdp() path, which could cause a corrupted skb to be\nsent downstack. Even before the skb is transmitted, the\ntap_get_user_xdp()--\u003eskb_set_network_header() may assume the size is more\nthan ETH_HLEN. Once transmitted, this could either cause out-of-bound\naccess beyond the actual length, or confuse the underlayer with incorrect\nor inconsistent header length in the skb metadata.\n\nIn the alternative path, tap_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tap_get_user() does.\n\nCVE: CVE-2024-41090",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41090",
"url": "https://www.suse.com/security/cve/CVE-2024-41090"
},
{
"category": "external",
"summary": "SUSE Bug 1228328 for CVE-2024-41090",
"url": "https://bugzilla.suse.com/1228328"
},
{
"category": "external",
"summary": "SUSE Bug 1228714 for CVE-2024-41090",
"url": "https://bugzilla.suse.com/1228714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-41090"
},
{
"cve": "CVE-2024-41091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: add missing verification for short frame\n\nThe cited commit missed to check against the validity of the frame length\nin the tun_xdp_one() path, which could cause a corrupted skb to be sent\ndownstack. Even before the skb is transmitted, the\ntun_xdp_one--\u003eeth_type_trans() may access the Ethernet header although it\ncan be less than ETH_HLEN. Once transmitted, this could either cause\nout-of-bound access beyond the actual length, or confuse the underlayer\nwith incorrect or inconsistent header length in the skb metadata.\n\nIn the alternative path, tun_get_user() already prohibits short frame which\nhas the length less than Ethernet header size from being transmitted for\nIFF_TAP.\n\nThis is to drop any frame shorter than the Ethernet header size just like\nhow tun_get_user() does.\n\nCVE: CVE-2024-41091",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41091",
"url": "https://www.suse.com/security/cve/CVE-2024-41091"
},
{
"category": "external",
"summary": "SUSE Bug 1228327 for CVE-2024-41091",
"url": "https://bugzilla.suse.com/1228327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41091"
},
{
"cve": "CVE-2024-41095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41095",
"url": "https://www.suse.com/security/cve/CVE-2024-41095"
},
{
"category": "external",
"summary": "SUSE Bug 1228662 for CVE-2024-41095",
"url": "https://bugzilla.suse.com/1228662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-41095"
},
{
"cve": "CVE-2024-42070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42070",
"url": "https://www.suse.com/security/cve/CVE-2024-42070"
},
{
"category": "external",
"summary": "SUSE Bug 1228470 for CVE-2024-42070",
"url": "https://bugzilla.suse.com/1228470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "low"
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42093",
"url": "https://www.suse.com/security/cve/CVE-2024-42093"
},
{
"category": "external",
"summary": "SUSE Bug 1228680 for CVE-2024-42093",
"url": "https://bugzilla.suse.com/1228680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: stop playing stack games in profile_pc()\n\nThe \u0027profile_pc()\u0027 function is used for timer-based profiling, which\nisn\u0027t really all that relevant any more to begin with, but it also ends\nup making assumptions based on the stack layout that aren\u0027t necessarily\nvalid.\n\nBasically, the code tries to account the time spent in spinlocks to the\ncaller rather than the spinlock, and while I support that as a concept,\nit\u0027s not worth the code complexity or the KASAN warnings when no serious\nprofiling is done using timers anyway these days.\n\nAnd the code really does depend on stack layout that is only true in the\nsimplest of cases. We\u0027ve lost the comment at some point (I think when\nthe 32-bit and 64-bit code was unified), but it used to say:\n\n\tAssume the lock function has either no stack frame or a copy\n\tof eflags from PUSHF.\n\nwhich explains why it just blindly loads a word or two straight off the\nstack pointer and then takes a minimal look at the values to just check\nif they might be eflags or the return pc:\n\n\tEflags always has bits 22 and up cleared unlike kernel addresses\n\nbut that basic stack layout assumption assumes that there isn\u0027t any lock\ndebugging etc going on that would complicate the code and cause a stack\nframe.\n\nIt causes KASAN unhappiness reported for years by syzkaller [1] and\nothers [2].\n\nWith no real practical reason for this any more, just remove the code.\n\nJust for historical interest, here\u0027s some background commits relating to\nthis code from 2006:\n\n 0cb91a229364 (\"i386: Account spinlocks to the caller during profiling for !FP kernels\")\n 31679f38d886 (\"Simplify profile_pc on x86-64\")\n\nand a code unification from 2009:\n\n ef4512882dbe (\"x86: time_32/64.c unify profile_pc\")\n\nbut the basics of this thing actually goes back to before the git tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42096",
"url": "https://www.suse.com/security/cve/CVE-2024-42096"
},
{
"category": "external",
"summary": "SUSE Bug 1228633 for CVE-2024-42096",
"url": "https://bugzilla.suse.com/1228633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42119",
"url": "https://www.suse.com/security/cve/CVE-2024-42119"
},
{
"category": "external",
"summary": "SUSE Bug 1228584 for CVE-2024-42119",
"url": "https://bugzilla.suse.com/1228584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42119"
},
{
"cve": "CVE-2024-42120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42120",
"url": "https://www.suse.com/security/cve/CVE-2024-42120"
},
{
"category": "external",
"summary": "SUSE Bug 1228588 for CVE-2024-42120",
"url": "https://bugzilla.suse.com/1228588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42120"
},
{
"cve": "CVE-2024-42124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Make qedf_execute_tmf() non-preemptible\n\nStop calling smp_processor_id() from preemptible code in\nqedf_execute_tmf90. This results in BUG_ON() when running an RT kernel.\n\n[ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646\n[ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42124",
"url": "https://www.suse.com/security/cve/CVE-2024-42124"
},
{
"category": "external",
"summary": "SUSE Bug 1228705 for CVE-2024-42124",
"url": "https://bugzilla.suse.com/1228705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42124"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-42223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42223",
"url": "https://www.suse.com/security/cve/CVE-2024-42223"
},
{
"category": "external",
"summary": "SUSE Bug 1228726 for CVE-2024-42223",
"url": "https://bugzilla.suse.com/1228726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42223"
},
{
"cve": "CVE-2024-42224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip-\u003emdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42224",
"url": "https://www.suse.com/security/cve/CVE-2024-42224"
},
{
"category": "external",
"summary": "SUSE Bug 1228723 for CVE-2024-42224",
"url": "https://bugzilla.suse.com/1228723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.194.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.194.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.194.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:24:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-42224"
}
]
}
suse-su-2025:20047-1
Vulnerability from csaf_suse
Published
2025-02-03 08:55
Modified
2025-02-03 08:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).
- CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).
- CVE-2024-26677: Blacklist e7870cf13d20 (" Fix delayed ACKs to not set the reference serial number") (bsc#1222387)
- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633).
- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
- CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
- CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718).
- CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604).
- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
- CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
- CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).
- CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
- CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).
- CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).
- CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643).
- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505).
- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500).
- CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).
- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754).
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).
- CVE-2024-42245: Revert "sched/fair: Make sure to try to detach at least one movable task" (bsc#1228978).
- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402).
- CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404).
- CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).
- CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).
- CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).
- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).
- CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).
- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827).
The following non-security bugs were fixed:
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes).
- ACPI: battery: create alarm sysfs attribute atomically (stable-fixes).
- ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes).
- ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes).
- ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes).
- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).
- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: seq: Skip event type filtering for UMP events (git-fixes).
- ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes).
- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).
- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes).
- ASoC: SOF: mediatek: Add missing board compatible (stable-fixes).
- ASoC: allow module autoloading for table board_ids (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: amd: acp: fix module autoloading (git-fixes).
- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Add error handling to pair_device() (git-fixes).
- Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes).
- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).
- Bluetooth: btintel: Fail setup on error (git-fixes).
- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes).
- Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes).
- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Drop libata patch that caused a regression (bsc#1229054)
- Fix build errors without patches.kabi (bsc#1226502)
- HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- Input: MT - limit max slots (stable-fixes).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056).
- Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes).
- Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes).
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes).
- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199).
- KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: Stop processing *all* memslots when "null" mmu_notifier handler is found (git-fixes).
- KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes).
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes).
- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes).
- KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes).
- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes).
- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes).
- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).
- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).
- KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes).
- KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes).
- KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes).
- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167).
- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes).
- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).
- Move upstreamed powerpc patches into sorted section
- Move upstreamed sound patches into sorted section
- Moved upstreamed ASoC patch into sorted section
- NFSD: Support write delegations in LAYOUTGET (git-fixes).
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)
- README.BRANCH: Add Petr Tesarik as branch maintainer
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (bsc#1208783).
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (bsc#1208783).
- Revert "KVM: Prevent module exit until all VMs are freed" (git-fixes).
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" (git-fixes).
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (git-fixes).
- Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD" (git-fixes).
- Revert "usb: gadget: uvc: cleanup request when not in correct state" (stable-fixes).
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET" (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- USB: serial: debug: do not echo input by default (stable-fixes).
- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)
- Update patch refefernce for MFD patch (jsc#PED-10029)
- Update patch reference for MD patch (jsc#PED-10029 jsc#PED-10045)
- Update patch reference for SPI patch (jsc#PED-10105)
- Update patch reference for iwlwifi fix (jsc#PED-10055)
- Update patch reference of USB patch (jsc#PED-10108)
- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).
- apparmor: unpack transition table if dfa is not present (bsc#1226031).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- blacklist.conf: printk/sysctl: breaks kernel without pre-requisite patches (bsc#1229025)
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- bpf: Ensure proper register state printing for cond jumps (git-fixes).
- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes).
- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).
- bpf: enforce precision of R0 on callback return (git-fixes).
- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).
- bpf: fix control-flow graph checking in privileged mode (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).
- bpftool: Align output skeleton ELF code (git-fixes).
- bpftool: Fix -Wcast-qual warning (git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).
- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).
- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).
- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).
- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).
- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).
- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).
- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).
- cachefiles: add missing lock protection when polling (bsc#1229256).
- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).
- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).
- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).
- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).
- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles: introduce object ondemand state (bsc#1229239).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).
- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).
- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: resend an open request if the read request's object is closed (bsc#1229241).
- cachefiles: stop sending new request when dropping object (bsc#1229254).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
- ceph: periodically flush the cap releases (bsc#1230056).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN Mainline commit f2f6a8e88717 ("init/Kconfig: remove CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both when checking config changes.
- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).
- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).
- config.sh: generate and install compile_commands.json (bsc#1228971) This file contains the command line options used to compile every C file. It's useful for the livepatching team.
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- driver core: Fix uevent_show() vs driver detach race (git-fixes).
- drm/admgpu: fix dereferencing null pointer context (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).
- drm/amd/display: Add null checker before passing variables (stable-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).
- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).
- evm: do not copy up 'security.evm' xattr (git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).
- fs/netfs/fscache_cookie: add missing "n_accesses" check (bsc#1229455).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).
- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).
- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).
- io_uring/advise: support 64-bit lengths (git-fixes).
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).
- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- jfs: define xtree root and page independently (git-fixes).
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).
- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).
- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).
- kABI workaround for sound core UMP conversion (stable-fixes).
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kcov: properly check for softirq context (git-fixes).
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).
- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).
- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).
- md/raid1: support read error check (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).
- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md: change the return value type of md_write_start to void (git-fixes).
- md: do not account sync_io if iostats of the disk is disabled (git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (git-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).
- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).
- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).
- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).
- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: missing check virtio (git-fixes).
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: do not invalidate dentries on transient errors (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-multipath: implement "queue-depth" iopolicy (bsc#1227706).
- nvme-multipath: prepare for "queue-depth" iopolicy (bsc#1227706).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857).
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).
- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (bsc#1194869).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).
- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).
- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).
- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).
- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).
- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).
- selftests/bpf: Make linked_list failure test more robust (git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes).
- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).
- selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes).
- selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes).
- selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes).
- serial: core: check uartclk for zero to avoid divide by zero (stable-fixes).
- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).
- soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes).
- soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes).
- spi: Add empty versions of ACPI functions (stable-fixes).
- spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes).
- spi: microchip-core: switch to use modern name (stable-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).
- squashfs: squashfs_read_data need to check if the length is 0 (git-fixes).
- ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes).
- staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes).
- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes).
- thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747).
- tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes).
- tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes).
- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes).
- tools/resolve_btfids: fix build with musl libc (git-fixes).
- trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- tty: atmel_serial: use the correct RTS flag (git-fixes).
- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes).
- usb: cdnsp: fix for Link TRB with TC (git-fixes).
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes).
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usb: gadget: core: Check for unset descriptor (git-fixes).
- usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes).
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes).
- usb: gadget: u_serial: Set start_delayed during suspend (git-fixes).
- usb: gadget: uvc: cleanup request when not in correct state (stable-fixes).
- usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes).
- usb: typec: fsa4480: Check if the chip is really there (git-fixes).
- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).
- usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes).
- usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes).
- usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- vhost/vsock: always initialize seqpacket_allow (git-fixes).
- vhost: Release worker mutex during flushes (git-fixes).
- vhost: Use virtqueue mutex for swapping worker (git-fixes).
- virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes).
- virtio-crypto: handle config changed by work queue (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtiofs: forbid newlines in tags (bsc#1229940).
- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes).
- wifi: ath12k: fix soft lockup on suspend (git-fixes).
- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes).
- wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mac80211: use monitor sdata with driver only if desired (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- wifi: nl80211: disallow setting special AP channel widths (stable-fixes).
- wifi: nl80211: do not give key data to userspace (stable-fixes).
- wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes).
- wifi: wfx: repair open network AP mode (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).
- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes).
- x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes).
- x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes).
- x86/numa: Introduce numa_fill_memblks() (git-fixes).
- x86/pci: Skip early E820 check for ECAM region (git-fixes).
- x86/xen: Convert comma to semicolon (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: allow cross-linking special files without project quota (git-fixes).
- xfs: allow symlinks with short remote targets (bsc#1229160).
- xfs: allow unlinked symlinks and dirs with zero size (git-fixes).
- xfs: attr forks require attr, not attr2 (git-fixes).
- xfs: convert comma to semicolon (git-fixes).
- xfs: do not use current->journal_info (git-fixes).
- xfs: fix unlink vs cluster buffer instantiation race (git-fixes).
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes).
- xfs: journal geometry is not properly bounds checked (git-fixes).
- xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes).
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes).
- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-63
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section-\u003eusage (bsc#1221326).\n- CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).\n- CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).\n- CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).\n- CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).\n- CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).\n- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).\n- CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).\n- CVE-2024-26677: Blacklist e7870cf13d20 (\" Fix delayed ACKs to not set the reference serial number\") (bsc#1222387)\n- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).\n- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).\n- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633).\n- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).\n- CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).\n- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).\n- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)\n- CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).\n- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).\n- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).\n- CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).\n- CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).\n- CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).\n- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).\n- CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510).\n- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).\n- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)\n- CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)\n- CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718).\n- CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).\n- CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).\n- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604).\n- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).\n- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)\n- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).\n- CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)\n- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).\n- CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).\n- CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).\n- CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).\n- CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799).\n- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)\n- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).\n- CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811).\n- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).\n- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).\n- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).\n- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).\n- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).\n- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).\n- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).\n- CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).\n- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).\n- CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).\n- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).\n- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).\n- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).\n- CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).\n- CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).\n- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).\n- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).\n- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).\n- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).\n- CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).\n- CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468).\n- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).\n- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).\n- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).\n- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev-\u003epdev changes (bsc#1228599).\n- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).\n- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).\n- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).\n- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).\n- CVE-2024-41074: cachefiles: Set object to close if ondemand_id \u003c 0 in copen (bsc#1228643).\n- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).\n- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).\n- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).\n- CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).\n- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).\n- CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).\n- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).\n- CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).\n- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).\n- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).\n- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).\n- CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).\n- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).\n- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).\n- CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).\n- CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505).\n- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).\n- CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).\n- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).\n- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).\n- CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500).\n- CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).\n- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).\n- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).\n- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).\n- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).\n- CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).\n- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).\n- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).\n- CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754).\n- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).\n- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).\n- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).\n- CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).\n- CVE-2024-42245: Revert \"sched/fair: Make sure to try to detach at least one movable task\" (bsc#1228978).\n- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).\n- CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).\n- CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).\n- CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402).\n- CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404).\n- CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).\n- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).\n- CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)\n- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)\n- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).\n- CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).\n- CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).\n- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).\n- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)\n- CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).\n- CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).\n- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)\n- CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).\n- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).\n- CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)\n- CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).\n- CVE-2024-43839: bna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures (bsc#1229301).\n- CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).\n- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)\n- CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).\n- CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).\n- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).\n- CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).\n- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)\n- CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).\n- CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827).\n\nThe following non-security bugs were fixed:\n\n- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes).\n- ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes).\n- ACPI: battery: create alarm sysfs attribute atomically (stable-fixes).\n- ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes).\n- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).\n- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).\n- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).\n- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes).\n- ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes).\n- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes).\n- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).\n- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes).\n- ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes).\n- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes).\n- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).\n- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).\n- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).\n- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).\n- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).\n- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).\n- ALSA: line6: Fix racy access to midibuf (stable-fixes).\n- ALSA: line6: Fix racy access to midibuf (stable-fixes).\n- ALSA: seq: Skip event type filtering for UMP events (git-fixes).\n- ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes).\n- ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes).\n- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).\n- ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes).\n- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).\n- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).\n- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).\n- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).\n- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).\n- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).\n- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).\n- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).\n- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes).\n- ASoC: SOF: Remove libraries from topology lookups (git-fixes).\n- ASoC: SOF: Remove libraries from topology lookups (git-fixes).\n- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).\n- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes).\n- ASoC: SOF: mediatek: Add missing board compatible (stable-fixes).\n- ASoC: allow module autoloading for table board_ids (stable-fixes).\n- ASoC: allow module autoloading for table db1200_pids (stable-fixes).\n- ASoC: amd: acp: fix module autoloading (git-fixes).\n- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182).\n- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).\n- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).\n- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).\n- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).\n- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).\n- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).\n- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).\n- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).\n- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).\n- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).\n- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes).\n- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).\n- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).\n- ASoC: nau8822: Lower debug print priority (stable-fixes).\n- ASoC: nau8822: Lower debug print priority (stable-fixes).\n- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes).\n- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).\n- Bluetooth: L2CAP: Fix deadlock (git-fixes).\n- Bluetooth: MGMT: Add error handling to pair_device() (git-fixes).\n- Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes).\n- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).\n- Bluetooth: btintel: Fail setup on error (git-fixes).\n- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes).\n- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes).\n- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes).\n- Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes).\n- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).\n- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).\n- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).\n- Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes).\n- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).\n- Drop libata patch that caused a regression (bsc#1229054)\n- Fix build errors without patches.kabi (bsc#1226502)\n- HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).\n- Input: MT - limit max slots (stable-fixes).\n- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056).\n- Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes).\n- Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes).\n- KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes).\n- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes).\n- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).\n- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199).\n- KVM: Protect vcpu-\u003epid dereference via debugfs with RCU (git-fixes).\n- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).\n- KVM: Stop processing *all* memslots when \"null\" mmu_notifier handler is found (git-fixes).\n- KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes).\n- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes).\n- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes).\n- KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes).\n- KVM: arm64: Add missing memory barriers when switching to pKVM\u0027s hyp pgd (git-fixes).\n- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).\n- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).\n- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).\n- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)\n- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).\n- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes).\n- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes).\n- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).\n- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).\n- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).\n- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).\n- KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes).\n- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes).\n- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).\n- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).\n- KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes).\n- KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes).\n- KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes).\n- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).\n- KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167).\n- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes).\n- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).\n- Move upstreamed powerpc patches into sorted section\n- Move upstreamed sound patches into sorted section\n- Moved upstreamed ASoC patch into sorted section\n- NFSD: Support write delegations in LAYOUTGET (git-fixes).\n- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).\n- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).\n- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).\n- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).\n- RDMA/cache: Release GID table even if leak is detected (git-fixes)\n- RDMA/device: Return error earlier if port in not valid (git-fixes)\n- RDMA/hns: Check atomic wr length (git-fixes)\n- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)\n- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)\n- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)\n- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)\n- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)\n- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)\n- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)\n- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)\n- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).\n- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)\n- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)\n- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)\n- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)\n- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)\n- README.BRANCH: Add Petr Tesarik as branch maintainer\n- Revert \"ALSA: firewire-lib: obsolete workqueue for period update\" (bsc#1208783).\n- Revert \"ALSA: firewire-lib: operate for period elapse event in process context\" (bsc#1208783).\n- Revert \"KVM: Prevent module exit until all VMs are freed\" (git-fixes).\n- Revert \"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\" (git-fixes).\n- Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\" (git-fixes).\n- Revert \"misc: fastrpc: Restrict untrusted app to attach to privileged PD\" (git-fixes).\n- Revert \"usb: gadget: uvc: cleanup request when not in correct state\" (stable-fixes).\n- Revert \"usb: typec: tcpm: clear pd_event queue in PORT_RESET\" (git-fixes).\n- SUNRPC: Fix a race to wake a sync task (git-fixes).\n- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).\n- Squashfs: fix variable overflow triggered by sysbot (git-fixes).\n- USB: serial: debug: do not echo input by default (stable-fixes).\n- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)\n- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)\n- Update patch refefernce for MFD patch (jsc#PED-10029)\n- Update patch reference for MD patch (jsc#PED-10029 jsc#PED-10045)\n- Update patch reference for SPI patch (jsc#PED-10105)\n- Update patch reference for iwlwifi fix (jsc#PED-10055)\n- Update patch reference of USB patch (jsc#PED-10108)\n- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)\n- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).\n- apparmor: unpack transition table if dfa is not present (bsc#1226031).\n- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)\n- arm64: Add Neoverse-V2 part (git-fixes)\n- arm64: Fix KASAN random tag seed initialization (git-fixes)\n- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)\n- arm64: barrier: Restore spec_bar() macro (git-fixes)\n- arm64: cputype: Add Cortex-A720 definitions (git-fixes)\n- arm64: cputype: Add Cortex-A725 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X1C definitions (git-fixes)\n- arm64: cputype: Add Cortex-X3 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X4 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X925 definitions (git-fixes)\n- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)\n- arm64: dts: imx8mp: Add NPU Node (git-fixes)\n- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)\n- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)\n- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (git-fixes)\n- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.\n- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)\n- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).\n- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).\n- blacklist.conf: Add libata upstream revert entry (bsc#1229054)\n- blacklist.conf: printk/sysctl: breaks kernel without pre-requisite patches (bsc#1229025)\n- bnxt_re: Fix imm_data endianness (git-fixes)\n- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)\n- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).\n- bpf/tests: Remove duplicate JSGT tests (git-fixes).\n- bpf: Add crosstask check to __bpf_get_stack (git-fixes).\n- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).\n- bpf: Ensure proper register state printing for cond jumps (git-fixes).\n- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).\n- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).\n- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).\n- bpf: Fix kfunc callback register type handling (git-fixes).\n- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).\n- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).\n- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).\n- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).\n- bpf: Set uattr-\u003ebatch.count as zero before batched update or deletion (git-fixes).\n- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).\n- bpf: enforce precision of R0 on callback return (git-fixes).\n- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).\n- bpf: fix control-flow graph checking in privileged mode (git-fixes).\n- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).\n- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).\n- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).\n- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).\n- bpftool: Align output skeleton ELF code (git-fixes).\n- bpftool: Fix -Wcast-qual warning (git-fixes).\n- bpftool: Silence build warning about calloc() (git-fixes).\n- bpftool: mark orphaned programs during prog show (git-fixes).\n- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).\n- btrfs: add a is_data_bbio helper (git-fixes).\n- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).\n- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).\n- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).\n- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).\n- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).\n- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).\n- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).\n- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).\n- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).\n- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).\n- btrfs: limit write bios to a single ordered extent (git-fixes).\n- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).\n- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).\n- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).\n- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).\n- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).\n- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).\n- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).\n- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).\n- btrfs: remove btrfs_add_ordered_extent (git-fixes).\n- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).\n- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).\n- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).\n- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).\n- btrfs: use bbio-\u003eordered in btrfs_csum_one_bio (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).\n- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).\n- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).\n- cachefiles: add missing lock protection when polling (bsc#1229256).\n- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).\n- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).\n- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).\n- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).\n- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).\n- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).\n- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).\n- cachefiles: introduce object ondemand state (bsc#1229239).\n- cachefiles: make on-demand read killable (bsc#1229252).\n- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).\n- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).\n- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).\n- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).\n- cachefiles: resend an open request if the read request\u0027s object is closed (bsc#1229241).\n- cachefiles: stop sending new request when dropping object (bsc#1229254).\n- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).\n- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).\n- ceph: periodically flush the cap releases (bsc#1230056).\n- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).\n- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).\n- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).\n- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).\n- cgroup: Remove unnecessary list_empty() (bsc#1222254).\n- cgroup: preserve KABI of cgroup_root (bsc#1222254).\n- char: xillybus: Check USB endpoints when probing device (git-fixes).\n- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).\n- char: xillybus: Refine workqueue handling (git-fixes).\n- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN Mainline commit f2f6a8e88717 (\"init/Kconfig: remove CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND\") replaced GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both when checking config changes.\n- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).\n- clk: qcom: Park shared RCGs upon registration (git-fixes).\n- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).\n- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).\n- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).\n- clk: qcom: gpucc-sa8775p: Park RCG\u0027s clk source at XO during disable (git-fixes).\n- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).\n- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC\u0027s (git-fixes).\n- clk: qcom: gpucc-sm8350: Park RCG\u0027s clk source at XO during disable (git-fixes).\n- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).\n- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).\n- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).\n- config.sh: generate and install compile_commands.json (bsc#1228971) This file contains the command line options used to compile every C file. It\u0027s useful for the livepatching team.\n- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)\n- dev/parport: fix the array out-of-bounds risk (stable-fixes).\n- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).\n- dmaengine: dw: Add memory bus width verification (git-fixes).\n- dmaengine: dw: Add peripheral bus width verification (git-fixes).\n- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).\n- driver core: Fix uevent_show() vs driver detach race (git-fixes).\n- drm/admgpu: fix dereferencing null pointer context (stable-fixes).\n- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).\n- drm/amd/display: Add null checker before passing variables (stable-fixes).\n- drm/amd/display: Adjust cursor position (git-fixes).\n- drm/amd/display: Check for NULL pointer (stable-fixes).\n- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).\n- drm/amd/display: avoid using null object of framebuffer (git-fixes).\n- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).\n- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).\n- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).\n- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).\n- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).\n- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).\n- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).\n- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).\n- drm/amdgpu: Actually check flags for all context ops (stable-fixes).\n- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).\n- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).\n- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).\n- drm/amdgpu: Validate TA binary size (stable-fixes).\n- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).\n- drm/amdgpu: fix potential resource leak warning (stable-fixes).\n- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).\n- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).\n- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).\n- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).\n- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).\n- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).\n- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).\n- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).\n- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).\n- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).\n- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).\n- drm/mediatek/dp: Fix spurious kfree() (git-fixes).\n- drm/msm/dp: fix the max supported bpp logic (git-fixes).\n- drm/msm/dp: reset the link phy params before link training (git-fixes).\n- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).\n- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).\n- drm/msm/dpu: do not play tricks with debug macros (git-fixes).\n- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).\n- drm/msm/dpu: move dpu_encoder\u0027s connector assignment to atomic_enable() (git-fixes).\n- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).\n- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).\n- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).\n- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).\n- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).\n- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).\n- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).\n- drm/nouveau: prime: fix refcount underflow (git-fixes).\n- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).\n- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).\n- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).\n- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).\n- drm/virtio: Fix type of dma-fence context variable (git-fixes).\n- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).\n- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).\n- drm/vmwgfx: Fix prime with external buffers (git-fixes).\n- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).\n- evm: do not copy up \u0027security.evm\u0027 xattr (git-fixes).\n- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).\n- fs/netfs/fscache_cookie: add missing \"n_accesses\" check (bsc#1229455).\n- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).\n- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).\n- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).\n- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).\n- gfs2: setattr_chown: Add missing initialization (git-fixes).\n- gpio: mlxbf3: Support shutdown() function (git-fixes).\n- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).\n- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).\n- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).\n- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).\n- hwmon: (ltc2992) Avoid division by zero (stable-fixes).\n- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).\n- hwmon: (pc87360) Bounds check data-\u003einnr usage (stable-fixes).\n- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).\n- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).\n- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).\n- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).\n- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).\n- i2c: riic: avoid potential division by zero (stable-fixes).\n- i2c: smbus: Improve handling of stuck alerts (git-fixes).\n- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).\n- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).\n- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).\n- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).\n- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).\n- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).\n- io_uring/advise: support 64-bit lengths (git-fixes).\n- io_uring: Drop per-ctx dummy_ubuf (git-fixes).\n- io_uring: Fix probe of disabled operations (git-fixes).\n- io_uring: fix io_match_task must_hold (git-fixes).\n- io_uring: tighten task exit cancellations (git-fixes).\n- iommu/amd: Convert comma to semicolon (git-fixes).\n- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).\n- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).\n- ip6_tunnel: Fix broken GRO (bsc#1229444).\n- ipv6: sr: fix incorrect unregister order (git-fixes).\n- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).\n- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).\n- jfs: define xtree root and page independently (git-fixes).\n- jfs: fix null ptr deref in dtInsertEntry (git-fixes).\n- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).\n- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).\n- jump_label: Fix the fix, brown paper bags galore (git-fixes).\n- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).\n- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).\n- kABI workaround for sound core UMP conversion (stable-fixes).\n- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).\n- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).\n- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)\n- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.\n- kcov: properly check for softirq context (git-fixes).\n- kernel-binary: generate and install compile_commands.json (bsc#1228971)\n- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).\n- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).\n- kprobes: Fix to check symbol prefixes correctly (git-fixes).\n- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).\n- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).\n- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).\n- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).\n- libbpf: Fix faccessat() usage on Android (git-fixes).\n- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).\n- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).\n- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).\n- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).\n- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).\n- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).\n- md/md-bitmap: fix writing non bitmap pages (git-fixes).\n- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).\n- md/raid1: support read error check (git-fixes).\n- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).\n- md/raid5: fix spares errors about rcu usage (git-fixes).\n- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).\n- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).\n- md: add a mddev_add_trace_msg helper (git-fixes).\n- md: add check for sleepers in md_wakeup_thread() (git-fixes).\n- md: change the return value type of md_write_start to void (git-fixes).\n- md: do not account sync_io if iostats of the disk is disabled (git-fixes).\n- md: do not delete safemode_timer in mddev_suspend (git-fixes).\n- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).\n- md: fix a suspicious RCU usage warning (git-fixes).\n- media: Revert \"media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()\" (git-fixes).\n- media: amphion: Remove lock in s_ctrl callback (stable-fixes).\n- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).\n- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).\n- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).\n- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).\n- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).\n- media: uvcvideo: Ignore empty TS packets (stable-fixes).\n- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).\n- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).\n- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).\n- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).\n- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).\n- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).\n- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).\n- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).\n- minmax: fix up min3() and max3() too (bsc#1229024).\n- minmax: improve macro expansion and type checking (bsc#1229024).\n- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).\n- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).\n- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).\n- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).\n- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).\n- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).\n- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).\n- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).\n- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).\n- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).\n- net/rds: fix possible cp null dereference (git-fixes).\n- net/sched: initialize noop_qdisc owner (git-fixes).\n- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).\n- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).\n- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).\n- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).\n- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).\n- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).\n- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).\n- net: missing check virtio (git-fixes).\n- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).\n- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).\n- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).\n- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).\n- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).\n- nfc: pn533: Add poll mod list filling check (git-fixes).\n- nfs: do not invalidate dentries on transient errors (git-fixes).\n- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).\n- nfs: make the rpc_stat per net namespace (git-fixes).\n- nfs: pass explicit offset/count to trace events (git-fixes).\n- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).\n- nouveau/firmware: use dma non-coherent allocator (git-fixes).\n- nvme-multipath: find NUMA path only for online numa-node (git-fixes).\n- nvme-multipath: implement \"queue-depth\" iopolicy (bsc#1227706).\n- nvme-multipath: prepare for \"queue-depth\" iopolicy (bsc#1227706).\n- nvme-pci: Fix the instructions for disabling power management (git-fixes).\n- nvme-pci: add missing condition check for existence of mapped data (git-fixes).\n- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).\n- nvme-sysfs: add \u0027tls_configured_key\u0027 sysfs attribute (bsc#1221857).\n- nvme-sysfs: add \u0027tls_keyring\u0027 attribute (bsc#1221857).\n- nvme-tcp: check for invalidated or revoked key (bsc#1221857).\n- nvme-tcp: sanitize TLS key handling (bsc#1221857).\n- nvme: add a newline to the \u0027tls_key\u0027 sysfs attribute (bsc#1221857).\n- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).\n- nvme: avoid double free special payload (git-fixes).\n- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).\n- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).\n- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).\n- nvme: tcp: remove unnecessary goto statement (bsc#1221857).\n- nvme_core: scan namespaces asynchronously (bsc#1224105).\n- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).\n- nvmet: always initialize cqe.result (git-fixes).\n- nvmet: do not return \u0027reserved\u0027 for empty TSAS values (git-fixes).\n- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).\n- nvmet: make \u0027tsas\u0027 attribute idempotent for RDMA (git-fixes).\n- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).\n- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).\n- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).\n- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).\n- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).\n- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).\n- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).\n- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).\n- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).\n- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).\n- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).\n- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).\n- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).\n- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).\n- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).\n- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).\n- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).\n- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).\n- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).\n- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).\n- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).\n- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).\n- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).\n- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).\n- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).\n- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).\n- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).\n- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).\n- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).\n- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).\n- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).\n- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- powerpc/xmon: Check cpu id in commands \"c#\", \"dp#\" and \"dx#\" (bsc#1194869).\n- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).\n- powerpc: xor_vmx: Add \u0027-mhard-float\u0027 to CFLAGS (bsc#1194869).\n- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).\n- reiserfs: fix uninit-value in comp_keys (git-fixes).\n- rtc: nct3018y: fix possible NULL dereference (stable-fixes).\n- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).\n- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).\n- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).\n- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).\n- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).\n- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).\n- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).\n- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).\n- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).\n- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).\n- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).\n- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).\n- sbitmap: use READ_ONCE to access map-\u003eword (stable-fixes).\n- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).\n- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).\n- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).\n- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).\n- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).\n- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).\n- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).\n- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).\n- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).\n- scsi: qla2xxx: Complete command early within lock (bsc#1228850).\n- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).\n- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).\n- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).\n- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).\n- scsi: qla2xxx: Fix flash read failure (bsc#1228850).\n- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).\n- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).\n- scsi: qla2xxx: Indent help text (bsc#1228850).\n- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).\n- scsi: qla2xxx: Remove unused struct \u0027scsi_dif_tuple\u0027 (bsc#1228850).\n- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).\n- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).\n- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).\n- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).\n- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).\n- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).\n- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).\n- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).\n- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).\n- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).\n- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).\n- selftests/bpf: Fix erroneous bitmask operation (git-fixes).\n- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).\n- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).\n- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).\n- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).\n- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).\n- selftests/bpf: Make linked_list failure test more robust (git-fixes).\n- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).\n- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).\n- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes).\n- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).\n- selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes).\n- selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes).\n- selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes).\n- serial: core: check uartclk for zero to avoid divide by zero (stable-fixes).\n- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).\n- soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes).\n- soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes).\n- spi: Add empty versions of ACPI functions (stable-fixes).\n- spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes).\n- spi: microchip-core: switch to use modern name (stable-fixes).\n- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).\n- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).\n- squashfs: squashfs_read_data need to check if the length is 0 (git-fixes).\n- ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes).\n- staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes).\n- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).\n- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).\n- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).\n- swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes).\n- swiotlb: fix swiotlb_bounce() to do partial sync\u0027s correctly (git-fixes).\n- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).\n- thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes).\n- thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes).\n- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).\n- tools/perf: Fix perf bench epoll to enable the run when some CPU\u0027s are offline (bsc#1227747).\n- tools/perf: Fix perf bench futex to enable the run when some CPU\u0027s are offline (bsc#1227747).\n- tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747).\n- tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes).\n- tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes).\n- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes).\n- tools/resolve_btfids: fix build with musl libc (git-fixes).\n- trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes).\n- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).\n- tty: atmel_serial: use the correct RTS flag (git-fixes).\n- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes).\n- usb: cdnsp: fix for Link TRB with TC (git-fixes).\n- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes).\n- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes).\n- usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes).\n- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).\n- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).\n- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).\n- usb: gadget: core: Check for unset descriptor (git-fixes).\n- usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes).\n- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes).\n- usb: gadget: u_serial: Set start_delayed during suspend (git-fixes).\n- usb: gadget: uvc: cleanup request when not in correct state (stable-fixes).\n- usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes).\n- usb: typec: fsa4480: Check if the chip is really there (git-fixes).\n- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).\n- usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes).\n- usb: typec: fsa4480: rework mux \u0026 switch setup to handle more states (git-fixes).\n- usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes).\n- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).\n- vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes).\n- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).\n- vhost/vsock: always initialize seqpacket_allow (git-fixes).\n- vhost: Release worker mutex during flushes (git-fixes).\n- vhost: Use virtqueue mutex for swapping worker (git-fixes).\n- virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes).\n- virtio-crypto: handle config changed by work queue (git-fixes).\n- virtio: reenable config if freezing device failed (git-fixes).\n- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).\n- virtiofs: forbid newlines in tags (bsc#1229940).\n- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes).\n- wifi: ath12k: fix soft lockup on suspend (git-fixes).\n- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes).\n- wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes).\n- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).\n- wifi: mac80211: use monitor sdata with driver only if desired (git-fixes).\n- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).\n- wifi: nl80211: disallow setting special AP channel widths (stable-fixes).\n- wifi: nl80211: do not give key data to userspace (stable-fixes).\n- wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes).\n- wifi: wfx: repair open network AP mode (git-fixes).\n- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).\n- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).\n- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).\n- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).\n- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).\n- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).\n- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).\n- x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes).\n- x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes).\n- x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes).\n- x86/numa: Introduce numa_fill_memblks() (git-fixes).\n- x86/pci: Skip early E820 check for ECAM region (git-fixes).\n- x86/xen: Convert comma to semicolon (git-fixes).\n- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).\n- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).\n- xfs: allow cross-linking special files without project quota (git-fixes).\n- xfs: allow symlinks with short remote targets (bsc#1229160).\n- xfs: allow unlinked symlinks and dirs with zero size (git-fixes).\n- xfs: attr forks require attr, not attr2 (git-fixes).\n- xfs: convert comma to semicolon (git-fixes).\n- xfs: do not use current-\u003ejournal_info (git-fixes).\n- xfs: fix unlink vs cluster buffer instantiation race (git-fixes).\n- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes).\n- xfs: journal geometry is not properly bounds checked (git-fixes).\n- xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes).\n- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes).\n- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes).\n- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).\n- xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes).\n- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).\n- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-63",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20047-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20047-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520047-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20047-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021306.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1193454",
"url": "https://bugzilla.suse.com/1193454"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1205462",
"url": "https://bugzilla.suse.com/1205462"
},
{
"category": "self",
"summary": "SUSE Bug 1208783",
"url": "https://bugzilla.suse.com/1208783"
},
{
"category": "self",
"summary": "SUSE Bug 1213123",
"url": "https://bugzilla.suse.com/1213123"
},
{
"category": "self",
"summary": "SUSE Bug 1214285",
"url": "https://bugzilla.suse.com/1214285"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1220066",
"url": "https://bugzilla.suse.com/1220066"
},
{
"category": "self",
"summary": "SUSE Bug 1220252",
"url": "https://bugzilla.suse.com/1220252"
},
{
"category": "self",
"summary": "SUSE Bug 1220877",
"url": "https://bugzilla.suse.com/1220877"
},
{
"category": "self",
"summary": "SUSE Bug 1221326",
"url": "https://bugzilla.suse.com/1221326"
},
{
"category": "self",
"summary": "SUSE Bug 1221630",
"url": "https://bugzilla.suse.com/1221630"
},
{
"category": "self",
"summary": "SUSE Bug 1221645",
"url": "https://bugzilla.suse.com/1221645"
},
{
"category": "self",
"summary": "SUSE Bug 1221652",
"url": "https://bugzilla.suse.com/1221652"
},
{
"category": "self",
"summary": "SUSE Bug 1221857",
"url": "https://bugzilla.suse.com/1221857"
},
{
"category": "self",
"summary": "SUSE Bug 1222254",
"url": "https://bugzilla.suse.com/1222254"
},
{
"category": "self",
"summary": "SUSE Bug 1222335",
"url": "https://bugzilla.suse.com/1222335"
},
{
"category": "self",
"summary": "SUSE Bug 1222350",
"url": "https://bugzilla.suse.com/1222350"
},
{
"category": "self",
"summary": "SUSE Bug 1222364",
"url": "https://bugzilla.suse.com/1222364"
},
{
"category": "self",
"summary": "SUSE Bug 1222372",
"url": "https://bugzilla.suse.com/1222372"
},
{
"category": "self",
"summary": "SUSE Bug 1222387",
"url": "https://bugzilla.suse.com/1222387"
},
{
"category": "self",
"summary": "SUSE Bug 1222433",
"url": "https://bugzilla.suse.com/1222433"
},
{
"category": "self",
"summary": "SUSE Bug 1222434",
"url": "https://bugzilla.suse.com/1222434"
},
{
"category": "self",
"summary": "SUSE Bug 1222625",
"url": "https://bugzilla.suse.com/1222625"
},
{
"category": "self",
"summary": "SUSE Bug 1222633",
"url": "https://bugzilla.suse.com/1222633"
},
{
"category": "self",
"summary": "SUSE Bug 1222634",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "self",
"summary": "SUSE Bug 1222808",
"url": "https://bugzilla.suse.com/1222808"
},
{
"category": "self",
"summary": "SUSE Bug 1222967",
"url": "https://bugzilla.suse.com/1222967"
},
{
"category": "self",
"summary": "SUSE Bug 1222973",
"url": "https://bugzilla.suse.com/1222973"
},
{
"category": "self",
"summary": "SUSE Bug 1223053",
"url": "https://bugzilla.suse.com/1223053"
},
{
"category": "self",
"summary": "SUSE Bug 1223074",
"url": "https://bugzilla.suse.com/1223074"
},
{
"category": "self",
"summary": "SUSE Bug 1223191",
"url": "https://bugzilla.suse.com/1223191"
},
{
"category": "self",
"summary": "SUSE Bug 1223395",
"url": "https://bugzilla.suse.com/1223395"
},
{
"category": "self",
"summary": "SUSE Bug 1223635",
"url": "https://bugzilla.suse.com/1223635"
},
{
"category": "self",
"summary": "SUSE Bug 1223720",
"url": "https://bugzilla.suse.com/1223720"
},
{
"category": "self",
"summary": "SUSE Bug 1223731",
"url": "https://bugzilla.suse.com/1223731"
},
{
"category": "self",
"summary": "SUSE Bug 1223742",
"url": "https://bugzilla.suse.com/1223742"
},
{
"category": "self",
"summary": "SUSE Bug 1223763",
"url": "https://bugzilla.suse.com/1223763"
},
{
"category": "self",
"summary": "SUSE Bug 1223767",
"url": "https://bugzilla.suse.com/1223767"
},
{
"category": "self",
"summary": "SUSE Bug 1223777",
"url": "https://bugzilla.suse.com/1223777"
},
{
"category": "self",
"summary": "SUSE Bug 1223803",
"url": "https://bugzilla.suse.com/1223803"
},
{
"category": "self",
"summary": "SUSE Bug 1224105",
"url": "https://bugzilla.suse.com/1224105"
},
{
"category": "self",
"summary": "SUSE Bug 1224415",
"url": "https://bugzilla.suse.com/1224415"
},
{
"category": "self",
"summary": "SUSE Bug 1224485",
"url": "https://bugzilla.suse.com/1224485"
},
{
"category": "self",
"summary": "SUSE Bug 1224496",
"url": "https://bugzilla.suse.com/1224496"
},
{
"category": "self",
"summary": "SUSE Bug 1224510",
"url": "https://bugzilla.suse.com/1224510"
},
{
"category": "self",
"summary": "SUSE Bug 1224535",
"url": "https://bugzilla.suse.com/1224535"
},
{
"category": "self",
"summary": "SUSE Bug 1224631",
"url": "https://bugzilla.suse.com/1224631"
},
{
"category": "self",
"summary": "SUSE Bug 1224636",
"url": "https://bugzilla.suse.com/1224636"
},
{
"category": "self",
"summary": "SUSE Bug 1224690",
"url": "https://bugzilla.suse.com/1224690"
},
{
"category": "self",
"summary": "SUSE Bug 1224694",
"url": "https://bugzilla.suse.com/1224694"
},
{
"category": "self",
"summary": "SUSE Bug 1224700",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "self",
"summary": "SUSE Bug 1224711",
"url": "https://bugzilla.suse.com/1224711"
},
{
"category": "self",
"summary": "SUSE Bug 1225475",
"url": "https://bugzilla.suse.com/1225475"
},
{
"category": "self",
"summary": "SUSE Bug 1225582",
"url": "https://bugzilla.suse.com/1225582"
},
{
"category": "self",
"summary": "SUSE Bug 1225607",
"url": "https://bugzilla.suse.com/1225607"
},
{
"category": "self",
"summary": "SUSE Bug 1225718",
"url": "https://bugzilla.suse.com/1225718"
},
{
"category": "self",
"summary": "SUSE Bug 1225751",
"url": "https://bugzilla.suse.com/1225751"
},
{
"category": "self",
"summary": "SUSE Bug 1225814",
"url": "https://bugzilla.suse.com/1225814"
},
{
"category": "self",
"summary": "SUSE Bug 1225832",
"url": "https://bugzilla.suse.com/1225832"
},
{
"category": "self",
"summary": "SUSE Bug 1225838",
"url": "https://bugzilla.suse.com/1225838"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226031",
"url": "https://bugzilla.suse.com/1226031"
},
{
"category": "self",
"summary": "SUSE Bug 1226127",
"url": "https://bugzilla.suse.com/1226127"
},
{
"category": "self",
"summary": "SUSE Bug 1226502",
"url": "https://bugzilla.suse.com/1226502"
},
{
"category": "self",
"summary": "SUSE Bug 1226530",
"url": "https://bugzilla.suse.com/1226530"
},
{
"category": "self",
"summary": "SUSE Bug 1226588",
"url": "https://bugzilla.suse.com/1226588"
},
{
"category": "self",
"summary": "SUSE Bug 1226604",
"url": "https://bugzilla.suse.com/1226604"
},
{
"category": "self",
"summary": "SUSE Bug 1226743",
"url": "https://bugzilla.suse.com/1226743"
},
{
"category": "self",
"summary": "SUSE Bug 1226751",
"url": "https://bugzilla.suse.com/1226751"
},
{
"category": "self",
"summary": "SUSE Bug 1226765",
"url": "https://bugzilla.suse.com/1226765"
},
{
"category": "self",
"summary": "SUSE Bug 1226798",
"url": "https://bugzilla.suse.com/1226798"
},
{
"category": "self",
"summary": "SUSE Bug 1226801",
"url": "https://bugzilla.suse.com/1226801"
},
{
"category": "self",
"summary": "SUSE Bug 1226834",
"url": "https://bugzilla.suse.com/1226834"
},
{
"category": "self",
"summary": "SUSE Bug 1226874",
"url": "https://bugzilla.suse.com/1226874"
},
{
"category": "self",
"summary": "SUSE Bug 1226885",
"url": "https://bugzilla.suse.com/1226885"
},
{
"category": "self",
"summary": "SUSE Bug 1226920",
"url": "https://bugzilla.suse.com/1226920"
},
{
"category": "self",
"summary": "SUSE Bug 1227149",
"url": "https://bugzilla.suse.com/1227149"
},
{
"category": "self",
"summary": "SUSE Bug 1227182",
"url": "https://bugzilla.suse.com/1227182"
},
{
"category": "self",
"summary": "SUSE Bug 1227383",
"url": "https://bugzilla.suse.com/1227383"
},
{
"category": "self",
"summary": "SUSE Bug 1227437",
"url": "https://bugzilla.suse.com/1227437"
},
{
"category": "self",
"summary": "SUSE Bug 1227492",
"url": "https://bugzilla.suse.com/1227492"
},
{
"category": "self",
"summary": "SUSE Bug 1227493",
"url": "https://bugzilla.suse.com/1227493"
},
{
"category": "self",
"summary": "SUSE Bug 1227494",
"url": "https://bugzilla.suse.com/1227494"
},
{
"category": "self",
"summary": "SUSE Bug 1227618",
"url": "https://bugzilla.suse.com/1227618"
},
{
"category": "self",
"summary": "SUSE Bug 1227620",
"url": "https://bugzilla.suse.com/1227620"
},
{
"category": "self",
"summary": "SUSE Bug 1227623",
"url": "https://bugzilla.suse.com/1227623"
},
{
"category": "self",
"summary": "SUSE Bug 1227627",
"url": "https://bugzilla.suse.com/1227627"
},
{
"category": "self",
"summary": "SUSE Bug 1227634",
"url": "https://bugzilla.suse.com/1227634"
},
{
"category": "self",
"summary": "SUSE Bug 1227706",
"url": "https://bugzilla.suse.com/1227706"
},
{
"category": "self",
"summary": "SUSE Bug 1227722",
"url": "https://bugzilla.suse.com/1227722"
},
{
"category": "self",
"summary": "SUSE Bug 1227724",
"url": "https://bugzilla.suse.com/1227724"
},
{
"category": "self",
"summary": "SUSE Bug 1227725",
"url": "https://bugzilla.suse.com/1227725"
},
{
"category": "self",
"summary": "SUSE Bug 1227728",
"url": "https://bugzilla.suse.com/1227728"
},
{
"category": "self",
"summary": "SUSE Bug 1227729",
"url": "https://bugzilla.suse.com/1227729"
},
{
"category": "self",
"summary": "SUSE Bug 1227732",
"url": "https://bugzilla.suse.com/1227732"
},
{
"category": "self",
"summary": "SUSE Bug 1227733",
"url": "https://bugzilla.suse.com/1227733"
},
{
"category": "self",
"summary": "SUSE Bug 1227734",
"url": "https://bugzilla.suse.com/1227734"
},
{
"category": "self",
"summary": "SUSE Bug 1227747",
"url": "https://bugzilla.suse.com/1227747"
},
{
"category": "self",
"summary": "SUSE Bug 1227750",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "self",
"summary": "SUSE Bug 1227754",
"url": "https://bugzilla.suse.com/1227754"
},
{
"category": "self",
"summary": "SUSE Bug 1227758",
"url": "https://bugzilla.suse.com/1227758"
},
{
"category": "self",
"summary": "SUSE Bug 1227760",
"url": "https://bugzilla.suse.com/1227760"
},
{
"category": "self",
"summary": "SUSE Bug 1227761",
"url": "https://bugzilla.suse.com/1227761"
},
{
"category": "self",
"summary": "SUSE Bug 1227764",
"url": "https://bugzilla.suse.com/1227764"
},
{
"category": "self",
"summary": "SUSE Bug 1227766",
"url": "https://bugzilla.suse.com/1227766"
},
{
"category": "self",
"summary": "SUSE Bug 1227770",
"url": "https://bugzilla.suse.com/1227770"
},
{
"category": "self",
"summary": "SUSE Bug 1227771",
"url": "https://bugzilla.suse.com/1227771"
},
{
"category": "self",
"summary": "SUSE Bug 1227772",
"url": "https://bugzilla.suse.com/1227772"
},
{
"category": "self",
"summary": "SUSE Bug 1227774",
"url": "https://bugzilla.suse.com/1227774"
},
{
"category": "self",
"summary": "SUSE Bug 1227781",
"url": "https://bugzilla.suse.com/1227781"
},
{
"category": "self",
"summary": "SUSE Bug 1227784",
"url": "https://bugzilla.suse.com/1227784"
},
{
"category": "self",
"summary": "SUSE Bug 1227785",
"url": "https://bugzilla.suse.com/1227785"
},
{
"category": "self",
"summary": "SUSE Bug 1227787",
"url": "https://bugzilla.suse.com/1227787"
},
{
"category": "self",
"summary": "SUSE Bug 1227790",
"url": "https://bugzilla.suse.com/1227790"
},
{
"category": "self",
"summary": "SUSE Bug 1227791",
"url": "https://bugzilla.suse.com/1227791"
},
{
"category": "self",
"summary": "SUSE Bug 1227792",
"url": "https://bugzilla.suse.com/1227792"
},
{
"category": "self",
"summary": "SUSE Bug 1227796",
"url": "https://bugzilla.suse.com/1227796"
},
{
"category": "self",
"summary": "SUSE Bug 1227798",
"url": "https://bugzilla.suse.com/1227798"
},
{
"category": "self",
"summary": "SUSE Bug 1227799",
"url": "https://bugzilla.suse.com/1227799"
},
{
"category": "self",
"summary": "SUSE Bug 1227802",
"url": "https://bugzilla.suse.com/1227802"
},
{
"category": "self",
"summary": "SUSE Bug 1227808",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "self",
"summary": "SUSE Bug 1227810",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "self",
"summary": "SUSE Bug 1227811",
"url": "https://bugzilla.suse.com/1227811"
},
{
"category": "self",
"summary": "SUSE Bug 1227812",
"url": "https://bugzilla.suse.com/1227812"
},
{
"category": "self",
"summary": "SUSE Bug 1227815",
"url": "https://bugzilla.suse.com/1227815"
},
{
"category": "self",
"summary": "SUSE Bug 1227816",
"url": "https://bugzilla.suse.com/1227816"
},
{
"category": "self",
"summary": "SUSE Bug 1227818",
"url": "https://bugzilla.suse.com/1227818"
},
{
"category": "self",
"summary": "SUSE Bug 1227820",
"url": "https://bugzilla.suse.com/1227820"
},
{
"category": "self",
"summary": "SUSE Bug 1227823",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "self",
"summary": "SUSE Bug 1227824",
"url": "https://bugzilla.suse.com/1227824"
},
{
"category": "self",
"summary": "SUSE Bug 1227826",
"url": "https://bugzilla.suse.com/1227826"
},
{
"category": "self",
"summary": "SUSE Bug 1227828",
"url": "https://bugzilla.suse.com/1227828"
},
{
"category": "self",
"summary": "SUSE Bug 1227829",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "self",
"summary": "SUSE Bug 1227830",
"url": "https://bugzilla.suse.com/1227830"
},
{
"category": "self",
"summary": "SUSE Bug 1227832",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "self",
"summary": "SUSE Bug 1227833",
"url": "https://bugzilla.suse.com/1227833"
},
{
"category": "self",
"summary": "SUSE Bug 1227834",
"url": "https://bugzilla.suse.com/1227834"
},
{
"category": "self",
"summary": "SUSE Bug 1227839",
"url": "https://bugzilla.suse.com/1227839"
},
{
"category": "self",
"summary": "SUSE Bug 1227840",
"url": "https://bugzilla.suse.com/1227840"
},
{
"category": "self",
"summary": "SUSE Bug 1227846",
"url": "https://bugzilla.suse.com/1227846"
},
{
"category": "self",
"summary": "SUSE Bug 1227849",
"url": "https://bugzilla.suse.com/1227849"
},
{
"category": "self",
"summary": "SUSE Bug 1227851",
"url": "https://bugzilla.suse.com/1227851"
},
{
"category": "self",
"summary": "SUSE Bug 1227853",
"url": "https://bugzilla.suse.com/1227853"
},
{
"category": "self",
"summary": "SUSE Bug 1227863",
"url": "https://bugzilla.suse.com/1227863"
},
{
"category": "self",
"summary": "SUSE Bug 1227864",
"url": "https://bugzilla.suse.com/1227864"
},
{
"category": "self",
"summary": "SUSE Bug 1227865",
"url": "https://bugzilla.suse.com/1227865"
},
{
"category": "self",
"summary": "SUSE Bug 1227867",
"url": "https://bugzilla.suse.com/1227867"
},
{
"category": "self",
"summary": "SUSE Bug 1227869",
"url": "https://bugzilla.suse.com/1227869"
},
{
"category": "self",
"summary": "SUSE Bug 1227870",
"url": "https://bugzilla.suse.com/1227870"
},
{
"category": "self",
"summary": "SUSE Bug 1227883",
"url": "https://bugzilla.suse.com/1227883"
},
{
"category": "self",
"summary": "SUSE Bug 1227884",
"url": "https://bugzilla.suse.com/1227884"
},
{
"category": "self",
"summary": "SUSE Bug 1227891",
"url": "https://bugzilla.suse.com/1227891"
},
{
"category": "self",
"summary": "SUSE Bug 1227893",
"url": "https://bugzilla.suse.com/1227893"
},
{
"category": "self",
"summary": "SUSE Bug 1227929",
"url": "https://bugzilla.suse.com/1227929"
},
{
"category": "self",
"summary": "SUSE Bug 1227950",
"url": "https://bugzilla.suse.com/1227950"
},
{
"category": "self",
"summary": "SUSE Bug 1227957",
"url": "https://bugzilla.suse.com/1227957"
},
{
"category": "self",
"summary": "SUSE Bug 1227981",
"url": "https://bugzilla.suse.com/1227981"
},
{
"category": "self",
"summary": "SUSE Bug 1228020",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "self",
"summary": "SUSE Bug 1228021",
"url": "https://bugzilla.suse.com/1228021"
},
{
"category": "self",
"summary": "SUSE Bug 1228192",
"url": "https://bugzilla.suse.com/1228192"
},
{
"category": "self",
"summary": "SUSE Bug 1228235",
"url": "https://bugzilla.suse.com/1228235"
},
{
"category": "self",
"summary": "SUSE Bug 1228236",
"url": "https://bugzilla.suse.com/1228236"
},
{
"category": "self",
"summary": "SUSE Bug 1228247",
"url": "https://bugzilla.suse.com/1228247"
},
{
"category": "self",
"summary": "SUSE Bug 1228321",
"url": "https://bugzilla.suse.com/1228321"
},
{
"category": "self",
"summary": "SUSE Bug 1228409",
"url": "https://bugzilla.suse.com/1228409"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228426",
"url": "https://bugzilla.suse.com/1228426"
},
{
"category": "self",
"summary": "SUSE Bug 1228427",
"url": "https://bugzilla.suse.com/1228427"
},
{
"category": "self",
"summary": "SUSE Bug 1228429",
"url": "https://bugzilla.suse.com/1228429"
},
{
"category": "self",
"summary": "SUSE Bug 1228446",
"url": "https://bugzilla.suse.com/1228446"
},
{
"category": "self",
"summary": "SUSE Bug 1228447",
"url": "https://bugzilla.suse.com/1228447"
},
{
"category": "self",
"summary": "SUSE Bug 1228449",
"url": "https://bugzilla.suse.com/1228449"
},
{
"category": "self",
"summary": "SUSE Bug 1228450",
"url": "https://bugzilla.suse.com/1228450"
},
{
"category": "self",
"summary": "SUSE Bug 1228452",
"url": "https://bugzilla.suse.com/1228452"
},
{
"category": "self",
"summary": "SUSE Bug 1228456",
"url": "https://bugzilla.suse.com/1228456"
},
{
"category": "self",
"summary": "SUSE Bug 1228457",
"url": "https://bugzilla.suse.com/1228457"
},
{
"category": "self",
"summary": "SUSE Bug 1228458",
"url": "https://bugzilla.suse.com/1228458"
},
{
"category": "self",
"summary": "SUSE Bug 1228459",
"url": "https://bugzilla.suse.com/1228459"
},
{
"category": "self",
"summary": "SUSE Bug 1228460",
"url": "https://bugzilla.suse.com/1228460"
},
{
"category": "self",
"summary": "SUSE Bug 1228462",
"url": "https://bugzilla.suse.com/1228462"
},
{
"category": "self",
"summary": "SUSE Bug 1228463",
"url": "https://bugzilla.suse.com/1228463"
},
{
"category": "self",
"summary": "SUSE Bug 1228466",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "self",
"summary": "SUSE Bug 1228468",
"url": "https://bugzilla.suse.com/1228468"
},
{
"category": "self",
"summary": "SUSE Bug 1228469",
"url": "https://bugzilla.suse.com/1228469"
},
{
"category": "self",
"summary": "SUSE Bug 1228470",
"url": "https://bugzilla.suse.com/1228470"
},
{
"category": "self",
"summary": "SUSE Bug 1228472",
"url": "https://bugzilla.suse.com/1228472"
},
{
"category": "self",
"summary": "SUSE Bug 1228479",
"url": "https://bugzilla.suse.com/1228479"
},
{
"category": "self",
"summary": "SUSE Bug 1228480",
"url": "https://bugzilla.suse.com/1228480"
},
{
"category": "self",
"summary": "SUSE Bug 1228481",
"url": "https://bugzilla.suse.com/1228481"
},
{
"category": "self",
"summary": "SUSE Bug 1228482",
"url": "https://bugzilla.suse.com/1228482"
},
{
"category": "self",
"summary": "SUSE Bug 1228483",
"url": "https://bugzilla.suse.com/1228483"
},
{
"category": "self",
"summary": "SUSE Bug 1228484",
"url": "https://bugzilla.suse.com/1228484"
},
{
"category": "self",
"summary": "SUSE Bug 1228485",
"url": "https://bugzilla.suse.com/1228485"
},
{
"category": "self",
"summary": "SUSE Bug 1228486",
"url": "https://bugzilla.suse.com/1228486"
},
{
"category": "self",
"summary": "SUSE Bug 1228487",
"url": "https://bugzilla.suse.com/1228487"
},
{
"category": "self",
"summary": "SUSE Bug 1228489",
"url": "https://bugzilla.suse.com/1228489"
},
{
"category": "self",
"summary": "SUSE Bug 1228491",
"url": "https://bugzilla.suse.com/1228491"
},
{
"category": "self",
"summary": "SUSE Bug 1228492",
"url": "https://bugzilla.suse.com/1228492"
},
{
"category": "self",
"summary": "SUSE Bug 1228493",
"url": "https://bugzilla.suse.com/1228493"
},
{
"category": "self",
"summary": "SUSE Bug 1228494",
"url": "https://bugzilla.suse.com/1228494"
},
{
"category": "self",
"summary": "SUSE Bug 1228495",
"url": "https://bugzilla.suse.com/1228495"
},
{
"category": "self",
"summary": "SUSE Bug 1228496",
"url": "https://bugzilla.suse.com/1228496"
},
{
"category": "self",
"summary": "SUSE Bug 1228499",
"url": "https://bugzilla.suse.com/1228499"
},
{
"category": "self",
"summary": "SUSE Bug 1228500",
"url": "https://bugzilla.suse.com/1228500"
},
{
"category": "self",
"summary": "SUSE Bug 1228501",
"url": "https://bugzilla.suse.com/1228501"
},
{
"category": "self",
"summary": "SUSE Bug 1228502",
"url": "https://bugzilla.suse.com/1228502"
},
{
"category": "self",
"summary": "SUSE Bug 1228503",
"url": "https://bugzilla.suse.com/1228503"
},
{
"category": "self",
"summary": "SUSE Bug 1228505",
"url": "https://bugzilla.suse.com/1228505"
},
{
"category": "self",
"summary": "SUSE Bug 1228508",
"url": "https://bugzilla.suse.com/1228508"
},
{
"category": "self",
"summary": "SUSE Bug 1228509",
"url": "https://bugzilla.suse.com/1228509"
},
{
"category": "self",
"summary": "SUSE Bug 1228510",
"url": "https://bugzilla.suse.com/1228510"
},
{
"category": "self",
"summary": "SUSE Bug 1228511",
"url": "https://bugzilla.suse.com/1228511"
},
{
"category": "self",
"summary": "SUSE Bug 1228513",
"url": "https://bugzilla.suse.com/1228513"
},
{
"category": "self",
"summary": "SUSE Bug 1228515",
"url": "https://bugzilla.suse.com/1228515"
},
{
"category": "self",
"summary": "SUSE Bug 1228516",
"url": "https://bugzilla.suse.com/1228516"
},
{
"category": "self",
"summary": "SUSE Bug 1228518",
"url": "https://bugzilla.suse.com/1228518"
},
{
"category": "self",
"summary": "SUSE Bug 1228520",
"url": "https://bugzilla.suse.com/1228520"
},
{
"category": "self",
"summary": "SUSE Bug 1228525",
"url": "https://bugzilla.suse.com/1228525"
},
{
"category": "self",
"summary": "SUSE Bug 1228527",
"url": "https://bugzilla.suse.com/1228527"
},
{
"category": "self",
"summary": "SUSE Bug 1228530",
"url": "https://bugzilla.suse.com/1228530"
},
{
"category": "self",
"summary": "SUSE Bug 1228531",
"url": "https://bugzilla.suse.com/1228531"
},
{
"category": "self",
"summary": "SUSE Bug 1228539",
"url": "https://bugzilla.suse.com/1228539"
},
{
"category": "self",
"summary": "SUSE Bug 1228561",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "self",
"summary": "SUSE Bug 1228563",
"url": "https://bugzilla.suse.com/1228563"
},
{
"category": "self",
"summary": "SUSE Bug 1228564",
"url": "https://bugzilla.suse.com/1228564"
},
{
"category": "self",
"summary": "SUSE Bug 1228565",
"url": "https://bugzilla.suse.com/1228565"
},
{
"category": "self",
"summary": "SUSE Bug 1228567",
"url": "https://bugzilla.suse.com/1228567"
},
{
"category": "self",
"summary": "SUSE Bug 1228568",
"url": "https://bugzilla.suse.com/1228568"
},
{
"category": "self",
"summary": "SUSE Bug 1228572",
"url": "https://bugzilla.suse.com/1228572"
},
{
"category": "self",
"summary": "SUSE Bug 1228576",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "self",
"summary": "SUSE Bug 1228579",
"url": "https://bugzilla.suse.com/1228579"
},
{
"category": "self",
"summary": "SUSE Bug 1228580",
"url": "https://bugzilla.suse.com/1228580"
},
{
"category": "self",
"summary": "SUSE Bug 1228581",
"url": "https://bugzilla.suse.com/1228581"
},
{
"category": "self",
"summary": "SUSE Bug 1228582",
"url": "https://bugzilla.suse.com/1228582"
},
{
"category": "self",
"summary": "SUSE Bug 1228584",
"url": "https://bugzilla.suse.com/1228584"
},
{
"category": "self",
"summary": "SUSE Bug 1228586",
"url": "https://bugzilla.suse.com/1228586"
},
{
"category": "self",
"summary": "SUSE Bug 1228588",
"url": "https://bugzilla.suse.com/1228588"
},
{
"category": "self",
"summary": "SUSE Bug 1228590",
"url": "https://bugzilla.suse.com/1228590"
},
{
"category": "self",
"summary": "SUSE Bug 1228591",
"url": "https://bugzilla.suse.com/1228591"
},
{
"category": "self",
"summary": "SUSE Bug 1228599",
"url": "https://bugzilla.suse.com/1228599"
},
{
"category": "self",
"summary": "SUSE Bug 1228615",
"url": "https://bugzilla.suse.com/1228615"
},
{
"category": "self",
"summary": "SUSE Bug 1228616",
"url": "https://bugzilla.suse.com/1228616"
},
{
"category": "self",
"summary": "SUSE Bug 1228617",
"url": "https://bugzilla.suse.com/1228617"
},
{
"category": "self",
"summary": "SUSE Bug 1228625",
"url": "https://bugzilla.suse.com/1228625"
},
{
"category": "self",
"summary": "SUSE Bug 1228626",
"url": "https://bugzilla.suse.com/1228626"
},
{
"category": "self",
"summary": "SUSE Bug 1228633",
"url": "https://bugzilla.suse.com/1228633"
},
{
"category": "self",
"summary": "SUSE Bug 1228635",
"url": "https://bugzilla.suse.com/1228635"
},
{
"category": "self",
"summary": "SUSE Bug 1228636",
"url": "https://bugzilla.suse.com/1228636"
},
{
"category": "self",
"summary": "SUSE Bug 1228640",
"url": "https://bugzilla.suse.com/1228640"
},
{
"category": "self",
"summary": "SUSE Bug 1228643",
"url": "https://bugzilla.suse.com/1228643"
},
{
"category": "self",
"summary": "SUSE Bug 1228644",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "self",
"summary": "SUSE Bug 1228646",
"url": "https://bugzilla.suse.com/1228646"
},
{
"category": "self",
"summary": "SUSE Bug 1228649",
"url": "https://bugzilla.suse.com/1228649"
},
{
"category": "self",
"summary": "SUSE Bug 1228650",
"url": "https://bugzilla.suse.com/1228650"
},
{
"category": "self",
"summary": "SUSE Bug 1228654",
"url": "https://bugzilla.suse.com/1228654"
},
{
"category": "self",
"summary": "SUSE Bug 1228655",
"url": "https://bugzilla.suse.com/1228655"
},
{
"category": "self",
"summary": "SUSE Bug 1228656",
"url": "https://bugzilla.suse.com/1228656"
},
{
"category": "self",
"summary": "SUSE Bug 1228658",
"url": "https://bugzilla.suse.com/1228658"
},
{
"category": "self",
"summary": "SUSE Bug 1228660",
"url": "https://bugzilla.suse.com/1228660"
},
{
"category": "self",
"summary": "SUSE Bug 1228662",
"url": "https://bugzilla.suse.com/1228662"
},
{
"category": "self",
"summary": "SUSE Bug 1228665",
"url": "https://bugzilla.suse.com/1228665"
},
{
"category": "self",
"summary": "SUSE Bug 1228666",
"url": "https://bugzilla.suse.com/1228666"
},
{
"category": "self",
"summary": "SUSE Bug 1228667",
"url": "https://bugzilla.suse.com/1228667"
},
{
"category": "self",
"summary": "SUSE Bug 1228672",
"url": "https://bugzilla.suse.com/1228672"
},
{
"category": "self",
"summary": "SUSE Bug 1228673",
"url": "https://bugzilla.suse.com/1228673"
},
{
"category": "self",
"summary": "SUSE Bug 1228674",
"url": "https://bugzilla.suse.com/1228674"
},
{
"category": "self",
"summary": "SUSE Bug 1228677",
"url": "https://bugzilla.suse.com/1228677"
},
{
"category": "self",
"summary": "SUSE Bug 1228680",
"url": "https://bugzilla.suse.com/1228680"
},
{
"category": "self",
"summary": "SUSE Bug 1228687",
"url": "https://bugzilla.suse.com/1228687"
},
{
"category": "self",
"summary": "SUSE Bug 1228705",
"url": "https://bugzilla.suse.com/1228705"
},
{
"category": "self",
"summary": "SUSE Bug 1228706",
"url": "https://bugzilla.suse.com/1228706"
},
{
"category": "self",
"summary": "SUSE Bug 1228707",
"url": "https://bugzilla.suse.com/1228707"
},
{
"category": "self",
"summary": "SUSE Bug 1228708",
"url": "https://bugzilla.suse.com/1228708"
},
{
"category": "self",
"summary": "SUSE Bug 1228709",
"url": "https://bugzilla.suse.com/1228709"
},
{
"category": "self",
"summary": "SUSE Bug 1228710",
"url": "https://bugzilla.suse.com/1228710"
},
{
"category": "self",
"summary": "SUSE Bug 1228718",
"url": "https://bugzilla.suse.com/1228718"
},
{
"category": "self",
"summary": "SUSE Bug 1228720",
"url": "https://bugzilla.suse.com/1228720"
},
{
"category": "self",
"summary": "SUSE Bug 1228721",
"url": "https://bugzilla.suse.com/1228721"
},
{
"category": "self",
"summary": "SUSE Bug 1228722",
"url": "https://bugzilla.suse.com/1228722"
},
{
"category": "self",
"summary": "SUSE Bug 1228723",
"url": "https://bugzilla.suse.com/1228723"
},
{
"category": "self",
"summary": "SUSE Bug 1228724",
"url": "https://bugzilla.suse.com/1228724"
},
{
"category": "self",
"summary": "SUSE Bug 1228726",
"url": "https://bugzilla.suse.com/1228726"
},
{
"category": "self",
"summary": "SUSE Bug 1228727",
"url": "https://bugzilla.suse.com/1228727"
},
{
"category": "self",
"summary": "SUSE Bug 1228733",
"url": "https://bugzilla.suse.com/1228733"
},
{
"category": "self",
"summary": "SUSE Bug 1228737",
"url": "https://bugzilla.suse.com/1228737"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228748",
"url": "https://bugzilla.suse.com/1228748"
},
{
"category": "self",
"summary": "SUSE Bug 1228754",
"url": "https://bugzilla.suse.com/1228754"
},
{
"category": "self",
"summary": "SUSE Bug 1228756",
"url": "https://bugzilla.suse.com/1228756"
},
{
"category": "self",
"summary": "SUSE Bug 1228757",
"url": "https://bugzilla.suse.com/1228757"
},
{
"category": "self",
"summary": "SUSE Bug 1228758",
"url": "https://bugzilla.suse.com/1228758"
},
{
"category": "self",
"summary": "SUSE Bug 1228764",
"url": "https://bugzilla.suse.com/1228764"
},
{
"category": "self",
"summary": "SUSE Bug 1228766",
"url": "https://bugzilla.suse.com/1228766"
},
{
"category": "self",
"summary": "SUSE Bug 1228779",
"url": "https://bugzilla.suse.com/1228779"
},
{
"category": "self",
"summary": "SUSE Bug 1228801",
"url": "https://bugzilla.suse.com/1228801"
},
{
"category": "self",
"summary": "SUSE Bug 1228849",
"url": "https://bugzilla.suse.com/1228849"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1228959",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "self",
"summary": "SUSE Bug 1228964",
"url": "https://bugzilla.suse.com/1228964"
},
{
"category": "self",
"summary": "SUSE Bug 1228966",
"url": "https://bugzilla.suse.com/1228966"
},
{
"category": "self",
"summary": "SUSE Bug 1228967",
"url": "https://bugzilla.suse.com/1228967"
},
{
"category": "self",
"summary": "SUSE Bug 1228971",
"url": "https://bugzilla.suse.com/1228971"
},
{
"category": "self",
"summary": "SUSE Bug 1228973",
"url": "https://bugzilla.suse.com/1228973"
},
{
"category": "self",
"summary": "SUSE Bug 1228977",
"url": "https://bugzilla.suse.com/1228977"
},
{
"category": "self",
"summary": "SUSE Bug 1228978",
"url": "https://bugzilla.suse.com/1228978"
},
{
"category": "self",
"summary": "SUSE Bug 1228979",
"url": "https://bugzilla.suse.com/1228979"
},
{
"category": "self",
"summary": "SUSE Bug 1228986",
"url": "https://bugzilla.suse.com/1228986"
},
{
"category": "self",
"summary": "SUSE Bug 1228988",
"url": "https://bugzilla.suse.com/1228988"
},
{
"category": "self",
"summary": "SUSE Bug 1228989",
"url": "https://bugzilla.suse.com/1228989"
},
{
"category": "self",
"summary": "SUSE Bug 1228991",
"url": "https://bugzilla.suse.com/1228991"
},
{
"category": "self",
"summary": "SUSE Bug 1228992",
"url": "https://bugzilla.suse.com/1228992"
},
{
"category": "self",
"summary": "SUSE Bug 1229005",
"url": "https://bugzilla.suse.com/1229005"
},
{
"category": "self",
"summary": "SUSE Bug 1229024",
"url": "https://bugzilla.suse.com/1229024"
},
{
"category": "self",
"summary": "SUSE Bug 1229025",
"url": "https://bugzilla.suse.com/1229025"
},
{
"category": "self",
"summary": "SUSE Bug 1229042",
"url": "https://bugzilla.suse.com/1229042"
},
{
"category": "self",
"summary": "SUSE Bug 1229045",
"url": "https://bugzilla.suse.com/1229045"
},
{
"category": "self",
"summary": "SUSE Bug 1229046",
"url": "https://bugzilla.suse.com/1229046"
},
{
"category": "self",
"summary": "SUSE Bug 1229054",
"url": "https://bugzilla.suse.com/1229054"
},
{
"category": "self",
"summary": "SUSE Bug 1229056",
"url": "https://bugzilla.suse.com/1229056"
},
{
"category": "self",
"summary": "SUSE Bug 1229086",
"url": "https://bugzilla.suse.com/1229086"
},
{
"category": "self",
"summary": "SUSE Bug 1229134",
"url": "https://bugzilla.suse.com/1229134"
},
{
"category": "self",
"summary": "SUSE Bug 1229136",
"url": "https://bugzilla.suse.com/1229136"
},
{
"category": "self",
"summary": "SUSE Bug 1229154",
"url": "https://bugzilla.suse.com/1229154"
},
{
"category": "self",
"summary": "SUSE Bug 1229156",
"url": "https://bugzilla.suse.com/1229156"
},
{
"category": "self",
"summary": "SUSE Bug 1229160",
"url": "https://bugzilla.suse.com/1229160"
},
{
"category": "self",
"summary": "SUSE Bug 1229167",
"url": "https://bugzilla.suse.com/1229167"
},
{
"category": "self",
"summary": "SUSE Bug 1229168",
"url": "https://bugzilla.suse.com/1229168"
},
{
"category": "self",
"summary": "SUSE Bug 1229169",
"url": "https://bugzilla.suse.com/1229169"
},
{
"category": "self",
"summary": "SUSE Bug 1229170",
"url": "https://bugzilla.suse.com/1229170"
},
{
"category": "self",
"summary": "SUSE Bug 1229171",
"url": "https://bugzilla.suse.com/1229171"
},
{
"category": "self",
"summary": "SUSE Bug 1229172",
"url": "https://bugzilla.suse.com/1229172"
},
{
"category": "self",
"summary": "SUSE Bug 1229173",
"url": "https://bugzilla.suse.com/1229173"
},
{
"category": "self",
"summary": "SUSE Bug 1229174",
"url": "https://bugzilla.suse.com/1229174"
},
{
"category": "self",
"summary": "SUSE Bug 1229239",
"url": "https://bugzilla.suse.com/1229239"
},
{
"category": "self",
"summary": "SUSE Bug 1229240",
"url": "https://bugzilla.suse.com/1229240"
},
{
"category": "self",
"summary": "SUSE Bug 1229241",
"url": "https://bugzilla.suse.com/1229241"
},
{
"category": "self",
"summary": "SUSE Bug 1229243",
"url": "https://bugzilla.suse.com/1229243"
},
{
"category": "self",
"summary": "SUSE Bug 1229244",
"url": "https://bugzilla.suse.com/1229244"
},
{
"category": "self",
"summary": "SUSE Bug 1229245",
"url": "https://bugzilla.suse.com/1229245"
},
{
"category": "self",
"summary": "SUSE Bug 1229246",
"url": "https://bugzilla.suse.com/1229246"
},
{
"category": "self",
"summary": "SUSE Bug 1229247",
"url": "https://bugzilla.suse.com/1229247"
},
{
"category": "self",
"summary": "SUSE Bug 1229248",
"url": "https://bugzilla.suse.com/1229248"
},
{
"category": "self",
"summary": "SUSE Bug 1229249",
"url": "https://bugzilla.suse.com/1229249"
},
{
"category": "self",
"summary": "SUSE Bug 1229250",
"url": "https://bugzilla.suse.com/1229250"
},
{
"category": "self",
"summary": "SUSE Bug 1229251",
"url": "https://bugzilla.suse.com/1229251"
},
{
"category": "self",
"summary": "SUSE Bug 1229252",
"url": "https://bugzilla.suse.com/1229252"
},
{
"category": "self",
"summary": "SUSE Bug 1229253",
"url": "https://bugzilla.suse.com/1229253"
},
{
"category": "self",
"summary": "SUSE Bug 1229254",
"url": "https://bugzilla.suse.com/1229254"
},
{
"category": "self",
"summary": "SUSE Bug 1229255",
"url": "https://bugzilla.suse.com/1229255"
},
{
"category": "self",
"summary": "SUSE Bug 1229256",
"url": "https://bugzilla.suse.com/1229256"
},
{
"category": "self",
"summary": "SUSE Bug 1229287",
"url": "https://bugzilla.suse.com/1229287"
},
{
"category": "self",
"summary": "SUSE Bug 1229290",
"url": "https://bugzilla.suse.com/1229290"
},
{
"category": "self",
"summary": "SUSE Bug 1229291",
"url": "https://bugzilla.suse.com/1229291"
},
{
"category": "self",
"summary": "SUSE Bug 1229292",
"url": "https://bugzilla.suse.com/1229292"
},
{
"category": "self",
"summary": "SUSE Bug 1229294",
"url": "https://bugzilla.suse.com/1229294"
},
{
"category": "self",
"summary": "SUSE Bug 1229296",
"url": "https://bugzilla.suse.com/1229296"
},
{
"category": "self",
"summary": "SUSE Bug 1229297",
"url": "https://bugzilla.suse.com/1229297"
},
{
"category": "self",
"summary": "SUSE Bug 1229298",
"url": "https://bugzilla.suse.com/1229298"
},
{
"category": "self",
"summary": "SUSE Bug 1229299",
"url": "https://bugzilla.suse.com/1229299"
},
{
"category": "self",
"summary": "SUSE Bug 1229301",
"url": "https://bugzilla.suse.com/1229301"
},
{
"category": "self",
"summary": "SUSE Bug 1229303",
"url": "https://bugzilla.suse.com/1229303"
},
{
"category": "self",
"summary": "SUSE Bug 1229304",
"url": "https://bugzilla.suse.com/1229304"
},
{
"category": "self",
"summary": "SUSE Bug 1229305",
"url": "https://bugzilla.suse.com/1229305"
},
{
"category": "self",
"summary": "SUSE Bug 1229307",
"url": "https://bugzilla.suse.com/1229307"
},
{
"category": "self",
"summary": "SUSE Bug 1229309",
"url": "https://bugzilla.suse.com/1229309"
},
{
"category": "self",
"summary": "SUSE Bug 1229312",
"url": "https://bugzilla.suse.com/1229312"
},
{
"category": "self",
"summary": "SUSE Bug 1229313",
"url": "https://bugzilla.suse.com/1229313"
},
{
"category": "self",
"summary": "SUSE Bug 1229314",
"url": "https://bugzilla.suse.com/1229314"
},
{
"category": "self",
"summary": "SUSE Bug 1229315",
"url": "https://bugzilla.suse.com/1229315"
},
{
"category": "self",
"summary": "SUSE Bug 1229316",
"url": "https://bugzilla.suse.com/1229316"
},
{
"category": "self",
"summary": "SUSE Bug 1229317",
"url": "https://bugzilla.suse.com/1229317"
},
{
"category": "self",
"summary": "SUSE Bug 1229318",
"url": "https://bugzilla.suse.com/1229318"
},
{
"category": "self",
"summary": "SUSE Bug 1229319",
"url": "https://bugzilla.suse.com/1229319"
},
{
"category": "self",
"summary": "SUSE Bug 1229320",
"url": "https://bugzilla.suse.com/1229320"
},
{
"category": "self",
"summary": "SUSE Bug 1229327",
"url": "https://bugzilla.suse.com/1229327"
},
{
"category": "self",
"summary": "SUSE Bug 1229341",
"url": "https://bugzilla.suse.com/1229341"
},
{
"category": "self",
"summary": "SUSE Bug 1229342",
"url": "https://bugzilla.suse.com/1229342"
},
{
"category": "self",
"summary": "SUSE Bug 1229344",
"url": "https://bugzilla.suse.com/1229344"
},
{
"category": "self",
"summary": "SUSE Bug 1229345",
"url": "https://bugzilla.suse.com/1229345"
},
{
"category": "self",
"summary": "SUSE Bug 1229346",
"url": "https://bugzilla.suse.com/1229346"
},
{
"category": "self",
"summary": "SUSE Bug 1229347",
"url": "https://bugzilla.suse.com/1229347"
},
{
"category": "self",
"summary": "SUSE Bug 1229349",
"url": "https://bugzilla.suse.com/1229349"
},
{
"category": "self",
"summary": "SUSE Bug 1229350",
"url": "https://bugzilla.suse.com/1229350"
},
{
"category": "self",
"summary": "SUSE Bug 1229351",
"url": "https://bugzilla.suse.com/1229351"
},
{
"category": "self",
"summary": "SUSE Bug 1229353",
"url": "https://bugzilla.suse.com/1229353"
},
{
"category": "self",
"summary": "SUSE Bug 1229354",
"url": "https://bugzilla.suse.com/1229354"
},
{
"category": "self",
"summary": "SUSE Bug 1229355",
"url": "https://bugzilla.suse.com/1229355"
},
{
"category": "self",
"summary": "SUSE Bug 1229356",
"url": "https://bugzilla.suse.com/1229356"
},
{
"category": "self",
"summary": "SUSE Bug 1229357",
"url": "https://bugzilla.suse.com/1229357"
},
{
"category": "self",
"summary": "SUSE Bug 1229358",
"url": "https://bugzilla.suse.com/1229358"
},
{
"category": "self",
"summary": "SUSE Bug 1229359",
"url": "https://bugzilla.suse.com/1229359"
},
{
"category": "self",
"summary": "SUSE Bug 1229360",
"url": "https://bugzilla.suse.com/1229360"
},
{
"category": "self",
"summary": "SUSE Bug 1229365",
"url": "https://bugzilla.suse.com/1229365"
},
{
"category": "self",
"summary": "SUSE Bug 1229366",
"url": "https://bugzilla.suse.com/1229366"
},
{
"category": "self",
"summary": "SUSE Bug 1229369",
"url": "https://bugzilla.suse.com/1229369"
},
{
"category": "self",
"summary": "SUSE Bug 1229370",
"url": "https://bugzilla.suse.com/1229370"
},
{
"category": "self",
"summary": "SUSE Bug 1229373",
"url": "https://bugzilla.suse.com/1229373"
},
{
"category": "self",
"summary": "SUSE Bug 1229374",
"url": "https://bugzilla.suse.com/1229374"
},
{
"category": "self",
"summary": "SUSE Bug 1229379",
"url": "https://bugzilla.suse.com/1229379"
},
{
"category": "self",
"summary": "SUSE Bug 1229381",
"url": "https://bugzilla.suse.com/1229381"
},
{
"category": "self",
"summary": "SUSE Bug 1229382",
"url": "https://bugzilla.suse.com/1229382"
},
{
"category": "self",
"summary": "SUSE Bug 1229383",
"url": "https://bugzilla.suse.com/1229383"
},
{
"category": "self",
"summary": "SUSE Bug 1229386",
"url": "https://bugzilla.suse.com/1229386"
},
{
"category": "self",
"summary": "SUSE Bug 1229388",
"url": "https://bugzilla.suse.com/1229388"
},
{
"category": "self",
"summary": "SUSE Bug 1229390",
"url": "https://bugzilla.suse.com/1229390"
},
{
"category": "self",
"summary": "SUSE Bug 1229391",
"url": "https://bugzilla.suse.com/1229391"
},
{
"category": "self",
"summary": "SUSE Bug 1229392",
"url": "https://bugzilla.suse.com/1229392"
},
{
"category": "self",
"summary": "SUSE Bug 1229395",
"url": "https://bugzilla.suse.com/1229395"
},
{
"category": "self",
"summary": "SUSE Bug 1229398",
"url": "https://bugzilla.suse.com/1229398"
},
{
"category": "self",
"summary": "SUSE Bug 1229399",
"url": "https://bugzilla.suse.com/1229399"
},
{
"category": "self",
"summary": "SUSE Bug 1229400",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "self",
"summary": "SUSE Bug 1229402",
"url": "https://bugzilla.suse.com/1229402"
},
{
"category": "self",
"summary": "SUSE Bug 1229403",
"url": "https://bugzilla.suse.com/1229403"
},
{
"category": "self",
"summary": "SUSE Bug 1229404",
"url": "https://bugzilla.suse.com/1229404"
},
{
"category": "self",
"summary": "SUSE Bug 1229407",
"url": "https://bugzilla.suse.com/1229407"
},
{
"category": "self",
"summary": "SUSE Bug 1229409",
"url": "https://bugzilla.suse.com/1229409"
},
{
"category": "self",
"summary": "SUSE Bug 1229410",
"url": "https://bugzilla.suse.com/1229410"
},
{
"category": "self",
"summary": "SUSE Bug 1229411",
"url": "https://bugzilla.suse.com/1229411"
},
{
"category": "self",
"summary": "SUSE Bug 1229413",
"url": "https://bugzilla.suse.com/1229413"
},
{
"category": "self",
"summary": "SUSE Bug 1229414",
"url": "https://bugzilla.suse.com/1229414"
},
{
"category": "self",
"summary": "SUSE Bug 1229417",
"url": "https://bugzilla.suse.com/1229417"
},
{
"category": "self",
"summary": "SUSE Bug 1229444",
"url": "https://bugzilla.suse.com/1229444"
},
{
"category": "self",
"summary": "SUSE Bug 1229451",
"url": "https://bugzilla.suse.com/1229451"
},
{
"category": "self",
"summary": "SUSE Bug 1229452",
"url": "https://bugzilla.suse.com/1229452"
},
{
"category": "self",
"summary": "SUSE Bug 1229455",
"url": "https://bugzilla.suse.com/1229455"
},
{
"category": "self",
"summary": "SUSE Bug 1229456",
"url": "https://bugzilla.suse.com/1229456"
},
{
"category": "self",
"summary": "SUSE Bug 1229480",
"url": "https://bugzilla.suse.com/1229480"
},
{
"category": "self",
"summary": "SUSE Bug 1229481",
"url": "https://bugzilla.suse.com/1229481"
},
{
"category": "self",
"summary": "SUSE Bug 1229482",
"url": "https://bugzilla.suse.com/1229482"
},
{
"category": "self",
"summary": "SUSE Bug 1229484",
"url": "https://bugzilla.suse.com/1229484"
},
{
"category": "self",
"summary": "SUSE Bug 1229485",
"url": "https://bugzilla.suse.com/1229485"
},
{
"category": "self",
"summary": "SUSE Bug 1229486",
"url": "https://bugzilla.suse.com/1229486"
},
{
"category": "self",
"summary": "SUSE Bug 1229487",
"url": "https://bugzilla.suse.com/1229487"
},
{
"category": "self",
"summary": "SUSE Bug 1229488",
"url": "https://bugzilla.suse.com/1229488"
},
{
"category": "self",
"summary": "SUSE Bug 1229489",
"url": "https://bugzilla.suse.com/1229489"
},
{
"category": "self",
"summary": "SUSE Bug 1229490",
"url": "https://bugzilla.suse.com/1229490"
},
{
"category": "self",
"summary": "SUSE Bug 1229493",
"url": "https://bugzilla.suse.com/1229493"
},
{
"category": "self",
"summary": "SUSE Bug 1229495",
"url": "https://bugzilla.suse.com/1229495"
},
{
"category": "self",
"summary": "SUSE Bug 1229496",
"url": "https://bugzilla.suse.com/1229496"
},
{
"category": "self",
"summary": "SUSE Bug 1229497",
"url": "https://bugzilla.suse.com/1229497"
},
{
"category": "self",
"summary": "SUSE Bug 1229500",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "self",
"summary": "SUSE Bug 1229503",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "self",
"summary": "SUSE Bug 1229707",
"url": "https://bugzilla.suse.com/1229707"
},
{
"category": "self",
"summary": "SUSE Bug 1229739",
"url": "https://bugzilla.suse.com/1229739"
},
{
"category": "self",
"summary": "SUSE Bug 1229743",
"url": "https://bugzilla.suse.com/1229743"
},
{
"category": "self",
"summary": "SUSE Bug 1229746",
"url": "https://bugzilla.suse.com/1229746"
},
{
"category": "self",
"summary": "SUSE Bug 1229747",
"url": "https://bugzilla.suse.com/1229747"
},
{
"category": "self",
"summary": "SUSE Bug 1229752",
"url": "https://bugzilla.suse.com/1229752"
},
{
"category": "self",
"summary": "SUSE Bug 1229754",
"url": "https://bugzilla.suse.com/1229754"
},
{
"category": "self",
"summary": "SUSE Bug 1229755",
"url": "https://bugzilla.suse.com/1229755"
},
{
"category": "self",
"summary": "SUSE Bug 1229756",
"url": "https://bugzilla.suse.com/1229756"
},
{
"category": "self",
"summary": "SUSE Bug 1229759",
"url": "https://bugzilla.suse.com/1229759"
},
{
"category": "self",
"summary": "SUSE Bug 1229761",
"url": "https://bugzilla.suse.com/1229761"
},
{
"category": "self",
"summary": "SUSE Bug 1229767",
"url": "https://bugzilla.suse.com/1229767"
},
{
"category": "self",
"summary": "SUSE Bug 1229781",
"url": "https://bugzilla.suse.com/1229781"
},
{
"category": "self",
"summary": "SUSE Bug 1229784",
"url": "https://bugzilla.suse.com/1229784"
},
{
"category": "self",
"summary": "SUSE Bug 1229785",
"url": "https://bugzilla.suse.com/1229785"
},
{
"category": "self",
"summary": "SUSE Bug 1229787",
"url": "https://bugzilla.suse.com/1229787"
},
{
"category": "self",
"summary": "SUSE Bug 1229788",
"url": "https://bugzilla.suse.com/1229788"
},
{
"category": "self",
"summary": "SUSE Bug 1229789",
"url": "https://bugzilla.suse.com/1229789"
},
{
"category": "self",
"summary": "SUSE Bug 1229792",
"url": "https://bugzilla.suse.com/1229792"
},
{
"category": "self",
"summary": "SUSE Bug 1229820",
"url": "https://bugzilla.suse.com/1229820"
},
{
"category": "self",
"summary": "SUSE Bug 1229827",
"url": "https://bugzilla.suse.com/1229827"
},
{
"category": "self",
"summary": "SUSE Bug 1229830",
"url": "https://bugzilla.suse.com/1229830"
},
{
"category": "self",
"summary": "SUSE Bug 1229837",
"url": "https://bugzilla.suse.com/1229837"
},
{
"category": "self",
"summary": "SUSE Bug 1229940",
"url": "https://bugzilla.suse.com/1229940"
},
{
"category": "self",
"summary": "SUSE Bug 1230056",
"url": "https://bugzilla.suse.com/1230056"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52489 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52688 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52885 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52886 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52887 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52889 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26590 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26631 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26637 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26682 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26808 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27050 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27403 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27433 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27437 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36270 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36970 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38609 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39476 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39483 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39484 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39486 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39488 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39493 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39497 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39499 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39500 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39501 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39505 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39506 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39508 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39509 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39510 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40904 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40916 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40922 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40926 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40927 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40941 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40942 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40964 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40977 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40984 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40988 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40992 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41037 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41039 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41040 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41041 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41050 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41065 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41075 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42105 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42107 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42109 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42113 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42117 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42119 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42122 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42132 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42136 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42137 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42143 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42144 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42153 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42161 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42162 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42227 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42238 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42241 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42241/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42245 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42247 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42250 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42253 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42259 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42270 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42277 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42278 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42280 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42281 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42283 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42284 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42285 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42291 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42303 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42308 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42309 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42310 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42311 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42312 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42313 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42314 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42315 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42318 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42319 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42320 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42322 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43823 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43824 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43825 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43829 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43856 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43872 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43876 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43877 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43880 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43885 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43893 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43906 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44939/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-02-03T08:55:15Z",
"generator": {
"date": "2025-02-03T08:55:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20047-1",
"initial_release_date": "2025-02-03T08:55:15Z",
"revision_history": [
{
"date": "2025-02-03T08:55:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-10.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-10.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-10.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-10.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-10.1.noarch",
"product_id": "kernel-source-rt-6.4.0-10.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-10.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-10.1.x86_64",
"product_id": "kernel-rt-6.4.0-10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-10.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-10.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-10.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-10.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-10.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52489",
"url": "https://www.suse.com/security/cve/CVE-2023-52489"
},
{
"category": "external",
"summary": "SUSE Bug 1221326 for CVE-2023-52489",
"url": "https://bugzilla.suse.com/1221326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52489"
},
{
"cve": "CVE-2023-52581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52581",
"url": "https://www.suse.com/security/cve/CVE-2023-52581"
},
{
"category": "external",
"summary": "SUSE Bug 1220877 for CVE-2023-52581",
"url": "https://bugzilla.suse.com/1220877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52581"
},
{
"cve": "CVE-2023-52668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix lock ordering in btrfs_zone_activate()\n\nThe btrfs CI reported a lockdep warning as follows by running generic\ngeneric/129.\n\n WARNING: possible circular locking dependency detected\n 6.7.0-rc5+ #1 Not tainted\n ------------------------------------------------------\n kworker/u5:5/793427 is trying to acquire lock:\n ffff88813256d028 (\u0026cache-\u003elock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130\n but task is already holding lock:\n ffff88810a23a318 (\u0026fs_info-\u003ezone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n -\u003e #1 (\u0026fs_info-\u003ezone_active_bgs_lock){+.+.}-{2:2}:\n ...\n -\u003e #0 (\u0026cache-\u003elock){+.+.}-{2:2}:\n ...\n\nThis is because we take fs_info-\u003ezone_active_bgs_lock after a block_group\u0027s\nlock in btrfs_zone_activate() while doing the opposite in other places.\n\nFix the issue by expanding the fs_info-\u003ezone_active_bgs_lock\u0027s critical\nsection and taking it before a block_group\u0027s lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52668",
"url": "https://www.suse.com/security/cve/CVE-2023-52668"
},
{
"category": "external",
"summary": "SUSE Bug 1224690 for CVE-2023-52668",
"url": "https://bugzilla.suse.com/1224690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52668"
},
{
"cve": "CVE-2023-52688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix the error handler of rfkill config\n\nWhen the core rfkill config throws error, it should free the\nallocated resources. Currently it is not freeing the core pdev\ncreate resources. Avoid this issue by calling the core pdev\ndestroy in the error handler of core rfkill config.\n\nFound this issue in the code review and it is compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52688",
"url": "https://www.suse.com/security/cve/CVE-2023-52688"
},
{
"category": "external",
"summary": "SUSE Bug 1224631 for CVE-2023-52688",
"url": "https://bugzilla.suse.com/1224631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52688"
},
{
"cve": "CVE-2023-52859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52859",
"url": "https://www.suse.com/security/cve/CVE-2023-52859"
},
{
"category": "external",
"summary": "SUSE Bug 1225582 for CVE-2023-52859",
"url": "https://bugzilla.suse.com/1225582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52859"
},
{
"cve": "CVE-2023-52885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n ...\n \u003c/TASK\u003e\n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52885",
"url": "https://www.suse.com/security/cve/CVE-2023-52885"
},
{
"category": "external",
"summary": "SUSE Bug 1227750 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "external",
"summary": "SUSE Bug 1227753 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2023-52885"
},
{
"cve": "CVE-2023-52886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix race by not overwriting udev-\u003edescriptor in hub_port_init()\n\nSyzbot reported an out-of-bounds read in sysfs.c:read_descriptors():\n\nBUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\nRead of size 8 at addr ffff88801e78b8c8 by task udevd/5011\n\nCPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\n...\nAllocated by task 758:\n...\n __do_kmalloc_node mm/slab_common.c:966 [inline]\n __kmalloc+0x5e/0x190 mm/slab_common.c:979\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:680 [inline]\n usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887\n usb_enumerate_device drivers/usb/core/hub.c:2407 [inline]\n usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545\n\nAs analyzed by Khazhy Kumykov, the cause of this bug is a race between\nread_descriptors() and hub_port_init(): The first routine uses a field\nin udev-\u003edescriptor, not expecting it to change, while the second\noverwrites it.\n\nPrior to commit 45bf39f8df7f (\"USB: core: Don\u0027t hold device lock while\nreading the \"descriptors\" sysfs file\") this race couldn\u0027t occur,\nbecause the routines were mutually exclusive thanks to the device\nlocking. Removing that locking from read_descriptors() exposed it to\nthe race.\n\nThe best way to fix the bug is to keep hub_port_init() from changing\nudev-\u003edescriptor once udev has been initialized and registered.\nDrivers expect the descriptors stored in the kernel to be immutable;\nwe should not undermine this expectation. In fact, this change should\nhave been made long ago.\n\nSo now hub_port_init() will take an additional argument, specifying a\nbuffer in which to store the device descriptor it reads. (If udev has\nnot yet been initialized, the buffer pointer will be NULL and then\nhub_port_init() will store the device descriptor in udev as before.)\nThis eliminates the data race responsible for the out-of-bounds read.\n\nThe changes to hub_port_init() appear more extensive than they really\nare, because of indentation changes resulting from an attempt to avoid\nwriting to other parts of the usb_device structure after it has been\ninitialized. Similar changes should be made to the code that reads\nthe BOS descriptor, but that can be handled in a separate patch later\non. This patch is sufficient to fix the bug found by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52886",
"url": "https://www.suse.com/security/cve/CVE-2023-52886"
},
{
"category": "external",
"summary": "SUSE Bug 1227981 for CVE-2023-52886",
"url": "https://bugzilla.suse.com/1227981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52886"
},
{
"cve": "CVE-2023-52887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new\n\nThis patch enhances error handling in scenarios with RTS (Request to\nSend) messages arriving closely. It replaces the less informative WARN_ON_ONCE\nbacktraces with a new error handling method. This provides clearer error\nmessages and allows for the early termination of problematic sessions.\nPreviously, sessions were only released at the end of j1939_xtp_rx_rts().\n\nPotentially this could be reproduced with something like:\ntestj1939 -r vcan0:0x80 \u0026\nwhile true; do\n\t# send first RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send second RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send abort\n\tcansend vcan0 18EC8090#ff00000000002301;\ndone",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52887",
"url": "https://www.suse.com/security/cve/CVE-2023-52887"
},
{
"category": "external",
"summary": "SUSE Bug 1228426 for CVE-2023-52887",
"url": "https://bugzilla.suse.com/1228426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52887"
},
{
"cve": "CVE-2023-52889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)-\u003elabel is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 \u003c8b\u003e 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? __netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 \u003c55\u003e 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52889",
"url": "https://www.suse.com/security/cve/CVE-2023-52889"
},
{
"category": "external",
"summary": "SUSE Bug 1229287 for CVE-2023-52889",
"url": "https://bugzilla.suse.com/1229287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-52889"
},
{
"cve": "CVE-2024-26590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26590"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it\u0027s not set in `sbi-\u003eavailable_compr_algs`. This\ncan lead to an unexpected \"BUG: kernel NULL pointer dereference\" if\nthe corresponding decompressor isn\u0027t built-in.\n\nFix this by checking against `sbi-\u003eavailable_compr_algs` for each\nm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26590",
"url": "https://www.suse.com/security/cve/CVE-2024-26590"
},
{
"category": "external",
"summary": "SUSE Bug 1220252 for CVE-2024-26590",
"url": "https://bugzilla.suse.com/1220252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26590"
},
{
"cve": "CVE-2024-26631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev-\u003emc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26631",
"url": "https://www.suse.com/security/cve/CVE-2024-26631"
},
{
"category": "external",
"summary": "SUSE Bug 1221630 for CVE-2024-26631",
"url": "https://bugzilla.suse.com/1221630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26631"
},
{
"cve": "CVE-2024-26637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: rely on mac80211 debugfs handling for vif\n\nmac80211 started to delete debugfs entries in certain cases, causing a\nath11k to crash when it tried to delete the entries later. Fix this by\nrelying on mac80211 to delete the entries when appropriate and adding\nthem from the vif_add_debugfs handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26637",
"url": "https://www.suse.com/security/cve/CVE-2024-26637"
},
{
"category": "external",
"summary": "SUSE Bug 1221652 for CVE-2024-26637",
"url": "https://bugzilla.suse.com/1221652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26637"
},
{
"cve": "CVE-2024-26668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: reject configurations that cause integer overflow\n\nReject bogus configs where internal token counter wraps around.\nThis only occurs with very very large requests, such as 17gbyte/s.\n\nIts better to reject this rather than having incorrect ratelimit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26668",
"url": "https://www.suse.com/security/cve/CVE-2024-26668"
},
{
"category": "external",
"summary": "SUSE Bug 1222335 for CVE-2024-26668",
"url": "https://bugzilla.suse.com/1222335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26668"
},
{
"cve": "CVE-2024-26669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: flower: Fix chain template offload\n\nWhen a qdisc is deleted from a net device the stack instructs the\nunderlying driver to remove its flow offload callback from the\nassociated filter block using the \u0027FLOW_BLOCK_UNBIND\u0027 command. The stack\nthen continues to replay the removal of the filters in the block for\nthis driver by iterating over the chains in the block and invoking the\n\u0027reoffload\u0027 operation of the classifier being used. In turn, the\nclassifier in its \u0027reoffload\u0027 operation prepares and emits a\n\u0027FLOW_CLS_DESTROY\u0027 command for each filter.\n\nHowever, the stack does not do the same for chain templates and the\nunderlying driver never receives a \u0027FLOW_CLS_TMPLT_DESTROY\u0027 command when\na qdisc is deleted. This results in a memory leak [1] which can be\nreproduced using [2].\n\nFix by introducing a \u0027tmplt_reoffload\u0027 operation and have the stack\ninvoke it with the appropriate arguments as part of the replay.\nImplement the operation in the sole classifier that supports chain\ntemplates (flower) by emitting the \u0027FLOW_CLS_TMPLT_{CREATE,DESTROY}\u0027\ncommand based on whether a flow offload callback is being bound to a\nfilter block or being unbound from one.\n\nAs far as I can tell, the issue happens since cited commit which\nreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()\nin __tcf_block_put(). The order cannot be reversed as the filter block\nis expected to be freed after flushing all the chains.\n\n[1]\nunreferenced object 0xffff888107e28800 (size 2048):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......\n 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab374e\u003e] __kmalloc+0x4e/0x90\n [\u003cffffffff832aec6d\u003e] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n [\u003cffffffff8379d29a\u003e] ___sys_sendmsg+0x13a/0x1e0\n [\u003cffffffff8379d50c\u003e] __sys_sendmsg+0x11c/0x1f0\n [\u003cffffffff843b9ce0\u003e] do_syscall_64+0x40/0xe0\nunreferenced object 0xffff88816d2c0400 (size 1024):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....\n 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab36c1\u003e] __kmalloc_node+0x51/0x90\n [\u003cffffffff81a8ed96\u003e] kvmalloc_node+0xa6/0x1f0\n [\u003cffffffff82827d03\u003e] bucket_table_alloc.isra.0+0x83/0x460\n [\u003cffffffff82828d2b\u003e] rhashtable_init+0x43b/0x7c0\n [\u003cffffffff832aed48\u003e] mlxsw_sp_acl_ruleset_get+0x428/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n\n[2]\n # tc qdisc add dev swp1 clsact\n # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32\n # tc qdisc del dev\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26669",
"url": "https://www.suse.com/security/cve/CVE-2024-26669"
},
{
"category": "external",
"summary": "SUSE Bug 1222350 for CVE-2024-26669",
"url": "https://bugzilla.suse.com/1222350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26669"
},
{
"cve": "CVE-2024-26677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26677",
"url": "https://www.suse.com/security/cve/CVE-2024-26677"
},
{
"category": "external",
"summary": "SUSE Bug 1222387 for CVE-2024-26677",
"url": "https://bugzilla.suse.com/1222387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26677"
},
{
"cve": "CVE-2024-26682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: improve CSA/ECSA connection refusal\n\nAs mentioned in the previous commit, we pretty quickly found\nthat some APs have ECSA elements stuck in their probe response,\nso using that to not attempt to connect while CSA is happening\nwe never connect to such an AP.\n\nImprove this situation by checking more carefully and ignoring\nthe ECSA if cfg80211 has previously detected the ECSA element\nbeing stuck in the probe response.\n\nAdditionally, allow connecting to an AP that\u0027s switching to a\nchannel it\u0027s already using, unless it\u0027s using quiet mode. In\nthis case, we may just have to adjust bandwidth later. If it\u0027s\nactually switching channels, it\u0027s better not to try to connect\nin the middle of that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26682",
"url": "https://www.suse.com/security/cve/CVE-2024-26682"
},
{
"category": "external",
"summary": "SUSE Bug 1222433 for CVE-2024-26682",
"url": "https://bugzilla.suse.com/1222433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26682"
},
{
"cve": "CVE-2024-26683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: detect stuck ECSA element in probe resp\n\nWe recently added some validation that we don\u0027t try to\nconnect to an AP that is currently in a channel switch\nprocess, since that might want the channel to be quiet\nor we might not be able to connect in time to hear the\nswitching in a beacon. This was in commit c09c4f31998b\n(\"wifi: mac80211: don\u0027t connect to an AP while it\u0027s in\na CSA process\").\n\nHowever, we promptly got a report that this caused new\nconnection failures, and it turns out that the AP that\nwe now cannot connect to is permanently advertising an\nextended channel switch announcement, even with quiet.\nThe AP in question was an Asus RT-AC53, with firmware\n3.0.0.4.380_10760-g21a5898.\n\nAs a first step, attempt to detect that we\u0027re dealing\nwith such a situation, so mac80211 can use this later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26683",
"url": "https://www.suse.com/security/cve/CVE-2024-26683"
},
{
"category": "external",
"summary": "SUSE Bug 1222434 for CVE-2024-26683",
"url": "https://bugzilla.suse.com/1222434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26683"
},
{
"cve": "CVE-2024-26735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26735",
"url": "https://www.suse.com/security/cve/CVE-2024-26735"
},
{
"category": "external",
"summary": "SUSE Bug 1222372 for CVE-2024-26735",
"url": "https://bugzilla.suse.com/1222372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26808",
"url": "https://www.suse.com/security/cve/CVE-2024-26808"
},
{
"category": "external",
"summary": "SUSE Bug 1222634 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "external",
"summary": "SUSE Bug 1245772 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1245772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-26808"
},
{
"cve": "CVE-2024-26809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26809",
"url": "https://www.suse.com/security/cve/CVE-2024-26809"
},
{
"category": "external",
"summary": "SUSE Bug 1222633 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1222633"
},
{
"category": "external",
"summary": "SUSE Bug 1245771 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1245771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-26809"
},
{
"cve": "CVE-2024-26812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26812",
"url": "https://www.suse.com/security/cve/CVE-2024-26812"
},
{
"category": "external",
"summary": "SUSE Bug 1222808 for CVE-2024-26812",
"url": "https://bugzilla.suse.com/1222808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26812"
},
{
"cve": "CVE-2024-26835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26835",
"url": "https://www.suse.com/security/cve/CVE-2024-26835"
},
{
"category": "external",
"summary": "SUSE Bug 1222967 for CVE-2024-26835",
"url": "https://bugzilla.suse.com/1222967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-26835"
},
{
"cve": "CVE-2024-26837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr-\u003emdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br-\u003emdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge\u0027s\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 \u0026\u0026 \\\n \u003e ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n root@infix-06-0b-00:~$ ip link del dev br0\n root@infix-06-0b-00:~$ mvls atu\n ADDRESS FID STATE Q F 0 1 2 3 4 5 6 7 8 9 a\n DEV:0 Marvell 88E6393X\n 33:33:00:00:00:6a 1 static - - 0 . . . . . . . . . .\n 33:33:ff:87:e4:3f 1 static - - 0 . . . . . . . . . .\n ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a\n root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host\u0027s membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 \u0026\u0026 \\\n \u003e ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n enqueued to the switchdev deferred queue, before adding it to the\n replay list, when replaying additions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26837",
"url": "https://www.suse.com/security/cve/CVE-2024-26837"
},
{
"category": "external",
"summary": "SUSE Bug 1222973 for CVE-2024-26837",
"url": "https://bugzilla.suse.com/1222973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-26837"
},
{
"cve": "CVE-2024-26849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26849",
"url": "https://www.suse.com/security/cve/CVE-2024-26849"
},
{
"category": "external",
"summary": "SUSE Bug 1223053 for CVE-2024-26849",
"url": "https://bugzilla.suse.com/1223053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26849"
},
{
"cve": "CVE-2024-26851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26851",
"url": "https://www.suse.com/security/cve/CVE-2024-26851"
},
{
"category": "external",
"summary": "SUSE Bug 1223074 for CVE-2024-26851",
"url": "https://bugzilla.suse.com/1223074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26851"
},
{
"cve": "CVE-2024-26976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26976",
"url": "https://www.suse.com/security/cve/CVE-2024-26976"
},
{
"category": "external",
"summary": "SUSE Bug 1223635 for CVE-2024-26976",
"url": "https://bugzilla.suse.com/1223635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-26976"
},
{
"cve": "CVE-2024-27010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0-\u003eeth1-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27010",
"url": "https://www.suse.com/security/cve/CVE-2024-27010"
},
{
"category": "external",
"summary": "SUSE Bug 1223720 for CVE-2024-27010",
"url": "https://bugzilla.suse.com/1223720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27010"
},
{
"cve": "CVE-2024-27011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 \u003c0f\u003e 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967] \u003cTASK\u003e\n[ 6170.287973] ? __warn+0x9f/0x1a0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.288104] ? handle_bug+0x3c/0x70\n[ 6170.288112] ? exc_invalid_op+0x17/0x40\n[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27011",
"url": "https://www.suse.com/security/cve/CVE-2024-27011"
},
{
"category": "external",
"summary": "SUSE Bug 1223803 for CVE-2024-27011",
"url": "https://bugzilla.suse.com/1223803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27011"
},
{
"cve": "CVE-2024-27024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn\u0027t established yet, get_mr() will fail, trigger connection after\nget_mr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27024",
"url": "https://www.suse.com/security/cve/CVE-2024-27024"
},
{
"category": "external",
"summary": "SUSE Bug 1223777 for CVE-2024-27024",
"url": "https://bugzilla.suse.com/1223777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27024"
},
{
"cve": "CVE-2024-27049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27049",
"url": "https://www.suse.com/security/cve/CVE-2024-27049"
},
{
"category": "external",
"summary": "SUSE Bug 1223763 for CVE-2024-27049",
"url": "https://bugzilla.suse.com/1223763"
},
{
"category": "external",
"summary": "SUSE Bug 1231063 for CVE-2024-27049",
"url": "https://bugzilla.suse.com/1231063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-27049"
},
{
"cve": "CVE-2024-27050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Use OPTS_SET() macro in bpf_xdp_query()\n\nWhen the feature_flags and xdp_zc_max_segs fields were added to the libbpf\nbpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro.\nThis causes libbpf to write to those fields unconditionally, which means\nthat programs compiled against an older version of libbpf (with a smaller\nsize of the bpf_xdp_query_opts struct) will have its stack corrupted by\nlibbpf writing out of bounds.\n\nThe patch adding the feature_flags field has an early bail out if the\nfeature_flags field is not part of the opts struct (via the OPTS_HAS)\nmacro, but the patch adding xdp_zc_max_segs does not. For consistency, this\nfix just changes the assignments to both fields to use the OPTS_SET()\nmacro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27050",
"url": "https://www.suse.com/security/cve/CVE-2024-27050"
},
{
"category": "external",
"summary": "SUSE Bug 1223767 for CVE-2024-27050",
"url": "https://bugzilla.suse.com/1223767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-27050"
},
{
"cve": "CVE-2024-27079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info-\u003edomain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27079",
"url": "https://www.suse.com/security/cve/CVE-2024-27079"
},
{
"category": "external",
"summary": "SUSE Bug 1223742 for CVE-2024-27079",
"url": "https://bugzilla.suse.com/1223742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27079"
},
{
"cve": "CVE-2024-27403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27403",
"url": "https://www.suse.com/security/cve/CVE-2024-27403"
},
{
"category": "external",
"summary": "SUSE Bug 1224415 for CVE-2024-27403",
"url": "https://bugzilla.suse.com/1224415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27403"
},
{
"cve": "CVE-2024-27433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27433"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()\n\n\u0027clk_data\u0027 is allocated with mtk_devm_alloc_clk_data(). So calling\nmtk_free_clk_data() explicitly in the remove function would lead to a\ndouble-free.\n\nRemove the redundant call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27433",
"url": "https://www.suse.com/security/cve/CVE-2024-27433"
},
{
"category": "external",
"summary": "SUSE Bug 1224711 for CVE-2024-27433",
"url": "https://bugzilla.suse.com/1224711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27433"
},
{
"cve": "CVE-2024-27437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27437"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27437",
"url": "https://www.suse.com/security/cve/CVE-2024-27437"
},
{
"category": "external",
"summary": "SUSE Bug 1222625 for CVE-2024-27437",
"url": "https://bugzilla.suse.com/1222625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-27437"
},
{
"cve": "CVE-2024-31076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31076",
"url": "https://www.suse.com/security/cve/CVE-2024-31076"
},
{
"category": "external",
"summary": "SUSE Bug 1226765 for CVE-2024-31076",
"url": "https://bugzilla.suse.com/1226765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-31076"
},
{
"cve": "CVE-2024-35855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update\n\nThe rule activity update delayed work periodically traverses the list of\nconfigured rules and queries their activity from the device.\n\nAs part of this task it accesses the entry pointed by \u0027ventry-\u003eentry\u0027,\nbut this entry can be changed concurrently by the rehash delayed work,\nleading to a use-after-free [1].\n\nFix by closing the race and perform the activity query under the\n\u0027vregion-\u003elock\u0027 mutex.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nRead of size 8 at addr ffff8881054ed808 by task kworker/0:18/181\n\nCPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\n mlxsw_sp_acl_rule_activity_update_work+0x219/0x400\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35855",
"url": "https://www.suse.com/security/cve/CVE-2024-35855"
},
{
"category": "external",
"summary": "SUSE Bug 1224694 for CVE-2024-35855",
"url": "https://bugzilla.suse.com/1224694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-35855"
},
{
"cve": "CVE-2024-35897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\n\nHook unregistration is deferred to the commit phase, same occurs with\nhook updates triggered by the table dormant flag. When both commands are\ncombined, this results in deleting a basechain while leaving its hook\nstill registered in the core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35897",
"url": "https://www.suse.com/security/cve/CVE-2024-35897"
},
{
"category": "external",
"summary": "SUSE Bug 1224510 for CVE-2024-35897",
"url": "https://bugzilla.suse.com/1224510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-35897"
},
{
"cve": "CVE-2024-35902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35902",
"url": "https://www.suse.com/security/cve/CVE-2024-35902"
},
{
"category": "external",
"summary": "SUSE Bug 1224496 for CVE-2024-35902",
"url": "https://bugzilla.suse.com/1224496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-35902"
},
{
"cve": "CVE-2024-35913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF\n\nWhen we want to know whether we should look for the mac_id or the\nlink_id in struct iwl_mvm_session_prot_notif, we should look at the\nversion of SESSION_PROTECTION_NOTIF.\n\nThis causes WARNINGs:\n\nWARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\nRIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\nCode: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff \u003c0f\u003e 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4\nRDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358\nRBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010\nR10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050\nR13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x150\n ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\n ? report_bug+0x196/0x1c0\n ? handle_bug+0x45/0x80\n ? exc_invalid_op+0x1c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\n iwl_mvm_rx_common+0x115/0x340 [iwlmvm]\n iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm]\n iwl_pcie_rx_handle+0x263/0xa10 [iwlwifi]\n iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35913",
"url": "https://www.suse.com/security/cve/CVE-2024-35913"
},
{
"category": "external",
"summary": "SUSE Bug 1224485 for CVE-2024-35913",
"url": "https://bugzilla.suse.com/1224485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-35913"
},
{
"cve": "CVE-2024-35939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35939",
"url": "https://www.suse.com/security/cve/CVE-2024-35939"
},
{
"category": "external",
"summary": "SUSE Bug 1224535 for CVE-2024-35939",
"url": "https://bugzilla.suse.com/1224535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-35939"
},
{
"cve": "CVE-2024-35949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35949",
"url": "https://www.suse.com/security/cve/CVE-2024-35949"
},
{
"category": "external",
"summary": "SUSE Bug 1224700 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "external",
"summary": "SUSE Bug 1229273 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1229273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-35949"
},
{
"cve": "CVE-2024-36270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36270",
"url": "https://www.suse.com/security/cve/CVE-2024-36270"
},
{
"category": "external",
"summary": "SUSE Bug 1226798 for CVE-2024-36270",
"url": "https://bugzilla.suse.com/1226798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36270"
},
{
"cve": "CVE-2024-36286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36286",
"url": "https://www.suse.com/security/cve/CVE-2024-36286"
},
{
"category": "external",
"summary": "SUSE Bug 1226801 for CVE-2024-36286",
"url": "https://bugzilla.suse.com/1226801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36288",
"url": "https://www.suse.com/security/cve/CVE-2024-36288"
},
{
"category": "external",
"summary": "SUSE Bug 1226834 for CVE-2024-36288",
"url": "https://bugzilla.suse.com/1226834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-36489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx-\u003esk_proto = READ_ONCE(sk-\u003esk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk-\u003esk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk-\u003esk_prot)-\u003esetsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx-\u003esk_proto-\u003esetsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx-\u003esk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx-\u003esk_proto is\ninitialized, we can ensure that ctx-\u003esk_proto are visible when\nchanging sk-\u003esk_prot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36489",
"url": "https://www.suse.com/security/cve/CVE-2024-36489"
},
{
"category": "external",
"summary": "SUSE Bug 1226874 for CVE-2024-36489",
"url": "https://bugzilla.suse.com/1226874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36489"
},
{
"cve": "CVE-2024-36881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we\u0027ll do sanity check on\nuffd-wp bits without vma context. So it\u0027s better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36881",
"url": "https://www.suse.com/security/cve/CVE-2024-36881"
},
{
"category": "external",
"summary": "SUSE Bug 1225718 for CVE-2024-36881",
"url": "https://bugzilla.suse.com/1225718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36881"
},
{
"cve": "CVE-2024-36907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36907"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36907",
"url": "https://www.suse.com/security/cve/CVE-2024-36907"
},
{
"category": "external",
"summary": "SUSE Bug 1225751 for CVE-2024-36907",
"url": "https://bugzilla.suse.com/1225751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36907"
},
{
"cve": "CVE-2024-36929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36929",
"url": "https://www.suse.com/security/cve/CVE-2024-36929"
},
{
"category": "external",
"summary": "SUSE Bug 1225814 for CVE-2024-36929",
"url": "https://bugzilla.suse.com/1225814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36933",
"url": "https://www.suse.com/security/cve/CVE-2024-36933"
},
{
"category": "external",
"summary": "SUSE Bug 1225832 for CVE-2024-36933",
"url": "https://bugzilla.suse.com/1225832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36933"
},
{
"cve": "CVE-2024-36939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36939",
"url": "https://www.suse.com/security/cve/CVE-2024-36939"
},
{
"category": "external",
"summary": "SUSE Bug 1225838 for CVE-2024-36939",
"url": "https://bugzilla.suse.com/1225838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary \"load_module\" var and now-wrong comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36970",
"url": "https://www.suse.com/security/cve/CVE-2024-36970"
},
{
"category": "external",
"summary": "SUSE Bug 1226127 for CVE-2024-36970",
"url": "https://bugzilla.suse.com/1226127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36970"
},
{
"cve": "CVE-2024-36979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix vlan use-after-free\n\nsyzbot reported a suspicious rcu usage[1] in bridge\u0027s mst code. While\nfixing it I noticed that nothing prevents a vlan to be freed while\nwalking the list from the same path (br forward delay timer). Fix the rcu\nusage and also make sure we are not accessing freed memory by making\nbr_mst_vlan_set_state use rcu read lock.\n\n[1]\n WARNING: suspicious RCU usage\n 6.9.0-rc6-syzkaller #0 Not tainted\n -----------------------------\n net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!\n ...\n stack backtrace:\n CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n Call Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nbp_vlan_group net/bridge/br_private.h:1599 [inline]\n br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105\n br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47\n br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88\n call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429\n run_timer_base kernel/time/timer.c:2438 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448\n __do_softirq+0x2c6/0x980 kernel/softirq.c:554\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:645\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758\n Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 \u003c4b\u003e c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25\n RSP: 0018:ffffc90013657100 EFLAGS: 00000206\n RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001\n RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60\n RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0\n R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28\n R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36979",
"url": "https://www.suse.com/security/cve/CVE-2024-36979"
},
{
"category": "external",
"summary": "SUSE Bug 1226604 for CVE-2024-36979",
"url": "https://bugzilla.suse.com/1226604"
},
{
"category": "external",
"summary": "SUSE Bug 1227369 for CVE-2024-36979",
"url": "https://bugzilla.suse.com/1227369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-36979"
},
{
"cve": "CVE-2024-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix potential memory leakage when reading chip temperature\n\nWithout this commit, reading chip temperature will cause memory leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38563",
"url": "https://www.suse.com/security/cve/CVE-2024-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1226743 for CVE-2024-38563",
"url": "https://bugzilla.suse.com/1226743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-38563"
},
{
"cve": "CVE-2024-38609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: check for null before dereferencing\n\nThe wcid can be NULL. It should be checked for validity before\ndereferencing it to avoid crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38609",
"url": "https://www.suse.com/security/cve/CVE-2024-38609"
},
{
"category": "external",
"summary": "SUSE Bug 1226751 for CVE-2024-38609",
"url": "https://bugzilla.suse.com/1226751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-38609"
},
{
"cve": "CVE-2024-38662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don\u0027t intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38662",
"url": "https://www.suse.com/security/cve/CVE-2024-38662"
},
{
"category": "external",
"summary": "SUSE Bug 1226885 for CVE-2024-38662",
"url": "https://bugzilla.suse.com/1226885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-39476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can\u0027t issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold \u0027reconfig_mutex\u0027 to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold \u0027reconfig_mutex\u0027, and md_check_recovery() can\u0027t update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n\u0027reconfig_mutex\u0027 is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when \u0027reconfig_mutex\u0027\nis released. Meanwhile, the hang problem will be fixed as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39476",
"url": "https://www.suse.com/security/cve/CVE-2024-39476"
},
{
"category": "external",
"summary": "SUSE Bug 1227437 for CVE-2024-39476",
"url": "https://bugzilla.suse.com/1227437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39476"
},
{
"cve": "CVE-2024-39483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI. KVM\u0027s ABI for NMIs that arrive simultanesouly (from KVM\u0027s point of\nview) is to inject one NMI and pend the other. When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can\u0027t immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM\u0027s behavior is to provide functionality that is as close to real\nhardware as possible. E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow. For GIF=0, the argument isn\u0027t\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled. And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\"). I.e. KVM\u0027s GIF=0 handling shouldn\u0027t be\nmodified without a *really* good reason to do so, and if KVM\u0027s behavior\nwere to be modified, it should be done irrespective of vNMI support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39483",
"url": "https://www.suse.com/security/cve/CVE-2024-39483"
},
{
"category": "external",
"summary": "SUSE Bug 1227494 for CVE-2024-39483",
"url": "https://bugzilla.suse.com/1227494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39483"
},
{
"cve": "CVE-2024-39484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don\u0027t strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) -\u003e\ndavinci_mmcsd_remove (section: .exit.text)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39484",
"url": "https://www.suse.com/security/cve/CVE-2024-39484"
},
{
"category": "external",
"summary": "SUSE Bug 1227493 for CVE-2024-39484",
"url": "https://bugzilla.suse.com/1227493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39484"
},
{
"cve": "CVE-2024-39486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39486"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\u003cmaarten.lankhorst@linux.intel.com\u003e, Maxime Ripard\n\u003cmripard@kernel.org\u003e, Thomas Zimmermann \u003ctzimmermann@suse.de\u003e\n\nfilp-\u003epid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp-\u003epid and dropping the\ndev-\u003efilelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(\u0026dev-\u003efilelist_mutex)\n rcu_replace_pointer(filp-\u003epid, \u003cpid B\u003e, 1)\n mutex_unlock(\u0026dev-\u003efilelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(\u0026dev-\u003efilelist_mutex)\nrcu_replace_pointer(filp-\u003epid, \u003cpid A\u003e, 1)\nmutex_unlock(\u0026dev-\u003efilelist_mutex)\nget_pid(\u003cpid A\u003e)\nsynchronize_rcu()\nput_pid(\u003cpid B\u003e) *** pid B reaches refcount 0 and is freed here ***\n get_pid(\u003cpid B\u003e) *** UAF ***\n synchronize_rcu()\n put_pid(\u003cpid A\u003e)\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task\u0027s pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39486",
"url": "https://www.suse.com/security/cve/CVE-2024-39486"
},
{
"category": "external",
"summary": "SUSE Bug 1227492 for CVE-2024-39486",
"url": "https://bugzilla.suse.com/1227492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39486"
},
{
"cve": "CVE-2024-39488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes\nto bug_table entries, and as a result the last entry in a bug table will\nbe ignored, potentially leading to an unexpected panic(). All prior\nentries in the table will be handled correctly.\n\nThe arm64 ABI requires that struct fields of up to 8 bytes are\nnaturally-aligned, with padding added within a struct such that struct\nare suitably aligned within arrays.\n\nWhen CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tsigned int file_disp;\t// 4 bytes\n\t\tunsigned short line;\t\t// 2 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t}\n\n... with 12 bytes total, requiring 4-byte alignment.\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t\t\u003c implicit padding \u003e\t\t// 2 bytes\n\t}\n\n... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing\npadding, requiring 4-byte alginment.\n\nWhen we create a bug_entry in assembly, we align the start of the entry\nto 4 bytes, which implicitly handles padding for any prior entries.\nHowever, we do not align the end of the entry, and so when\nCONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding\nbytes.\n\nFor the main kernel image this is not a problem as find_bug() doesn\u0027t\ndepend on the trailing padding bytes when searching for entries:\n\n\tfor (bug = __start___bug_table; bug \u003c __stop___bug_table; ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\treturn bug;\n\nHowever for modules, module_bug_finalize() depends on the trailing\nbytes when calculating the number of entries:\n\n\tmod-\u003enum_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);\n\n... and as the last bug_entry lacks the necessary padding bytes, this entry\nwill not be counted, e.g. in the case of a single entry:\n\n\tsechdrs[i].sh_size == 6\n\tsizeof(struct bug_entry) == 8;\n\n\tsechdrs[i].sh_size / sizeof(struct bug_entry) == 0;\n\nConsequently module_find_bug() will miss the last bug_entry when it does:\n\n\tfor (i = 0; i \u003c mod-\u003enum_bugs; ++i, ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\tgoto out;\n\n... which can lead to a kenrel panic due to an unhandled bug.\n\nThis can be demonstrated with the following module:\n\n\tstatic int __init buginit(void)\n\t{\n\t\tWARN(1, \"hello\\n\");\n\t\treturn 0;\n\t}\n\n\tstatic void __exit bugexit(void)\n\t{\n\t}\n\n\tmodule_init(buginit);\n\tmodule_exit(bugexit);\n\tMODULE_LICENSE(\"GPL\");\n\n... which will trigger a kernel panic when loaded:\n\n\t------------[ cut here ]------------\n\thello\n\tUnexpected kernel BRK exception at EL1\n\tInternal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP\n\tModules linked in: hello(O+)\n\tCPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8\n\tHardware name: linux,dummy-virt (DT)\n\tpstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\tpc : buginit+0x18/0x1000 [hello]\n\tlr : buginit+0x18/0x1000 [hello]\n\tsp : ffff800080533ae0\n\tx29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000\n\tx26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58\n\tx23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0\n\tx20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006\n\tx17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720\n\tx14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312\n\tx11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8\n\tx8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000\n\tx5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000\n\tx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0\n\tCall trace:\n\t buginit+0x18/0x1000 [hello]\n\t do_one_initcall+0x80/0x1c8\n\t do_init_module+0x60/0x218\n\t load_module+0x1ba4/0x1d70\n\t __do_sys_init_module+0x198/0x1d0\n\t __arm64_sys_init_module+0x1c/0x28\n\t invoke_syscall+0x48/0x114\n\t el0_svc\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39488",
"url": "https://www.suse.com/security/cve/CVE-2024-39488"
},
{
"category": "external",
"summary": "SUSE Bug 1227618 for CVE-2024-39488",
"url": "https://bugzilla.suse.com/1227618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39488"
},
{
"cve": "CVE-2024-39489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it\u0027s going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39489",
"url": "https://www.suse.com/security/cve/CVE-2024-39489"
},
{
"category": "external",
"summary": "SUSE Bug 1227623 for CVE-2024-39489",
"url": "https://bugzilla.suse.com/1227623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-39491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l56: Fix lifetime of cs_dsp instance\n\nThe cs_dsp instance is initialized in the driver probe() so it\nshould be freed in the driver remove(). Also fix a missing call\nto cs_dsp_remove() in the error path of cs35l56_hda_common_probe().\n\nThe call to cs_dsp_remove() was being done in the component unbind\ncallback cs35l56_hda_unbind(). This meant that if the driver was\nunbound and then re-bound it would be using an uninitialized cs_dsp\ninstance.\n\nIt is best to initialize the cs_dsp instance in probe() so that it\ncan return an error if it fails. The component binding API doesn\u0027t\nhave any error handling so there\u0027s no way to handle a failure if\ncs_dsp was initialized in the bind.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39491",
"url": "https://www.suse.com/security/cve/CVE-2024-39491"
},
{
"category": "external",
"summary": "SUSE Bug 1227627 for CVE-2024-39491",
"url": "https://bugzilla.suse.com/1227627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39491"
},
{
"cve": "CVE-2024-39493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39493",
"url": "https://www.suse.com/security/cve/CVE-2024-39493"
},
{
"category": "external",
"summary": "SUSE Bug 1227620 for CVE-2024-39493",
"url": "https://bugzilla.suse.com/1227620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39493"
},
{
"cve": "CVE-2024-39497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags \u0026 VM_PFNMAP) \u0026\u0026 is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39497",
"url": "https://www.suse.com/security/cve/CVE-2024-39497"
},
{
"category": "external",
"summary": "SUSE Bug 1227722 for CVE-2024-39497",
"url": "https://bugzilla.suse.com/1227722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39497"
},
{
"cve": "CVE-2024-39499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg-\u003eevent_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39499",
"url": "https://www.suse.com/security/cve/CVE-2024-39499"
},
{
"category": "external",
"summary": "SUSE Bug 1227725 for CVE-2024-39499",
"url": "https://bugzilla.suse.com/1227725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39499"
},
{
"cve": "CVE-2024-39500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: avoid race between sock_map_close and sk_psock_put\n\nsk_psock_get will return NULL if the refcount of psock has gone to 0, which\nwill happen when the last call of sk_psock_put is done. However,\nsk_psock_drop may not have finished yet, so the close callback will still\npoint to sock_map_close despite psock being NULL.\n\nThis can be reproduced with a thread deleting an element from the sock map,\nwhile the second one creates a socket, adds it to the map and closes it.\n\nThat will trigger the WARN_ON_ONCE:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nModules linked in:\nCPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nCode: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 \u003c0f\u003e 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02\nRSP: 0018:ffffc9000441fda8 EFLAGS: 00010293\nRAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000\nRDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0\nRBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3\nR10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840\nR13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870\nFS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n unix_release+0x87/0xc0 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbe/0x240 net/socket.c:1421\n __fput+0x42b/0x8a0 fs/file_table.c:422\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close fs/open.c:1541 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1541\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fb37d618070\nCode: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c\nRSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070\nRDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nUse sk_psock, which will only check that the pointer is not been set to\nNULL yet, which should only happen after the callbacks are restored. If,\nthen, a reference can still be gotten, we may call sk_psock_stop and cancel\npsock-\u003ework.\n\nAs suggested by Paolo Abeni, reorder the condition so the control flow is\nless convoluted.\n\nAfter that change, the reproducer does not trigger the WARN_ON_ONCE\nanymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39500",
"url": "https://www.suse.com/security/cve/CVE-2024-39500"
},
{
"category": "external",
"summary": "SUSE Bug 1227724 for CVE-2024-39500",
"url": "https://bugzilla.suse.com/1227724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39500"
},
{
"cve": "CVE-2024-39501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39501"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39501",
"url": "https://www.suse.com/security/cve/CVE-2024-39501"
},
{
"category": "external",
"summary": "SUSE Bug 1227754 for CVE-2024-39501",
"url": "https://bugzilla.suse.com/1227754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39501"
},
{
"cve": "CVE-2024-39505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39505"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39505",
"url": "https://www.suse.com/security/cve/CVE-2024-39505"
},
{
"category": "external",
"summary": "SUSE Bug 1227728 for CVE-2024-39505",
"url": "https://bugzilla.suse.com/1227728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39505"
},
{
"cve": "CVE-2024-39506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info-\u003epage is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t -\u003edisp_fn(rdisp-\u003erinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info-\u003epage to NULL.\nSo this check looks unneeded and doesn\u0027t solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can\u0027t do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39506",
"url": "https://www.suse.com/security/cve/CVE-2024-39506"
},
{
"category": "external",
"summary": "SUSE Bug 1227729 for CVE-2024-39506",
"url": "https://bugzilla.suse.com/1227729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39506"
},
{
"cve": "CVE-2024-39508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags\n\nUtilize set_bit() and test_bit() on worker-\u003eflags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker-\u003eflags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\u003csnip\u003e\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\u003csnip\u003e\n\nLine numbers against commit 18daea77cca6 (\"Merge tag \u0027for-linus\u0027 of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39508",
"url": "https://www.suse.com/security/cve/CVE-2024-39508"
},
{
"category": "external",
"summary": "SUSE Bug 1227732 for CVE-2024-39508",
"url": "https://bugzilla.suse.com/1227732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39508"
},
{
"cve": "CVE-2024-39509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39509"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: remove unnecessary WARN_ON() in implement()\n\nSyzkaller hit a warning [1] in a call to implement() when trying\nto write a value into a field of smaller size in an output report.\n\nSince implement() already has a warn message printed out with the\nhelp of hid_warn() and value in question gets trimmed with:\n\t...\n\tvalue \u0026= m;\n\t...\nWARN_ON may be considered superfluous. Remove it to suppress future\nsyzkaller triggers.\n\n[1]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\nModules linked in:\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\n...\nCall Trace:\n \u003cTASK\u003e\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39509",
"url": "https://www.suse.com/security/cve/CVE-2024-39509"
},
{
"category": "external",
"summary": "SUSE Bug 1227733 for CVE-2024-39509",
"url": "https://bugzilla.suse.com/1227733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-39510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60\nRead of size 8 at addr ffff888122e84088 by task ondemand-04-dae/963\n\nCPU: 13 PID: 963 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #564\nCall Trace:\n kasan_report+0x93/0xc0\n cachefiles_ondemand_daemon_read+0xb41/0xb60\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 116:\n kmem_cache_alloc+0x140/0x3a0\n cachefiles_lookup_cookie+0x140/0xcd0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 792:\n kmem_cache_free+0xfe/0x390\n cachefiles_put_object+0x241/0x480\n fscache_cookie_state_machine+0x5c8/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\ncachefiles_withdraw_cookie\n cachefiles_ondemand_clean_object(object)\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n msg-\u003eobject_id = req-\u003eobject-\u003eondemand-\u003eondemand_id\n ------ restore ------\n cachefiles_ondemand_restore\n xas_for_each(\u0026xas, req, ULONG_MAX)\n xas_set_mark(\u0026xas, CACHEFILES_REQ_NEW)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n copy_to_user(_buffer, msg, n)\n xa_erase(\u0026cache-\u003ereqs, id)\n complete(\u0026REQ_A-\u003edone)\n ------ close(fd) ------\n cachefiles_ondemand_fd_release\n cachefiles_put_object\n cachefiles_put_object\n kmem_cache_free(cachefiles_object_jar, object)\n REQ_A-\u003eobject-\u003eondemand-\u003eondemand_id\n // object UAF !!!\n\nWhen we see the request within xa_lock, req-\u003eobject must not have been\nfreed yet, so grab the reference count of object before xa_unlock to\navoid the above issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39510",
"url": "https://www.suse.com/security/cve/CVE-2024-39510"
},
{
"category": "external",
"summary": "SUSE Bug 1227734 for CVE-2024-39510",
"url": "https://bugzilla.suse.com/1227734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39510"
},
{
"cve": "CVE-2024-40899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0\nWrite of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962\n\nCPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542\nCall Trace:\n kasan_report+0x94/0xc0\n cachefiles_ondemand_daemon_read+0x609/0xab0\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 626:\n __kmalloc+0x1df/0x4b0\n cachefiles_ondemand_send_req+0x24d/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 626:\n kfree+0xf1/0x2c0\n cachefiles_ondemand_send_req+0x568/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n cachefiles_ondemand_get_fd\n copy_to_user(_buffer, msg, n)\n process_open_req(REQ_A)\n ------ restore ------\n cachefiles_ondemand_restore\n xas_for_each(\u0026xas, req, ULONG_MAX)\n xas_set_mark(\u0026xas, CACHEFILES_REQ_NEW);\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n\n write(devfd, (\"copen %u,%llu\", msg-\u003emsg_id, size));\n cachefiles_ondemand_copen\n xa_erase(\u0026cache-\u003ereqs, id)\n complete(\u0026REQ_A-\u003edone)\n kfree(REQ_A)\n cachefiles_ondemand_get_fd(REQ_A)\n fd = get_unused_fd_flags\n file = anon_inode_getfile\n fd_install(fd, file)\n load = (void *)REQ_A-\u003emsg.data;\n load-\u003efd = fd;\n // load UAF !!!\n\nThis issue is caused by issuing a restore command when the daemon is still\nalive, which results in a request being processed multiple times thus\ntriggering a UAF. So to avoid this problem, add an additional reference\ncount to cachefiles_req, which is held while waiting and reading, and then\nreleased when the waiting and reading is over.\n\nNote that since there is only one reference count for waiting, we need to\navoid the same request being completed multiple times, so we can only\ncomplete the request if it is successfully removed from the xarray.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40899",
"url": "https://www.suse.com/security/cve/CVE-2024-40899"
},
{
"category": "external",
"summary": "SUSE Bug 1227758 for CVE-2024-40899",
"url": "https://bugzilla.suse.com/1227758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40899"
},
{
"cve": "CVE-2024-40900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n // close dev fd\n cachefiles_flush_reqs\n complete(\u0026REQ_A-\u003edone)\n kfree(REQ_A)\n xa_lock(\u0026cache-\u003ereqs);\n cachefiles_ondemand_select_req\n req-\u003emsg.opcode != CACHEFILES_OP_READ\n // req use-after-free !!!\n xa_unlock(\u0026cache-\u003ereqs);\n xa_destroy(\u0026cache-\u003ereqs)\n\nHence remove requests from cache-\u003ereqs when flushing them to avoid\naccessing freed requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40900",
"url": "https://www.suse.com/security/cve/CVE-2024-40900"
},
{
"category": "external",
"summary": "SUSE Bug 1227760 for CVE-2024-40900",
"url": "https://bugzilla.suse.com/1227760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40900"
},
{
"cve": "CVE-2024-40902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40902",
"url": "https://www.suse.com/security/cve/CVE-2024-40902"
},
{
"category": "external",
"summary": "SUSE Bug 1227764 for CVE-2024-40902",
"url": "https://bugzilla.suse.com/1227764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40902"
},
{
"cve": "CVE-2024-40903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port-\u003epartner_source_caps to hold on to the now freed source\ncaps.\n\nReset port-\u003epartner_source_caps value to NULL after unregistering\nexisting source caps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40903",
"url": "https://www.suse.com/security/cve/CVE-2024-40903"
},
{
"category": "external",
"summary": "SUSE Bug 1227766 for CVE-2024-40903",
"url": "https://bugzilla.suse.com/1227766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40903"
},
{
"cve": "CVE-2024-40904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver\u0027s immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [\u003cffff800080020de8\u003e] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40904",
"url": "https://www.suse.com/security/cve/CVE-2024-40904"
},
{
"category": "external",
"summary": "SUSE Bug 1227772 for CVE-2024-40904",
"url": "https://bugzilla.suse.com/1227772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40904"
},
{
"cve": "CVE-2024-40905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 \u003c80\u003e 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40905",
"url": "https://www.suse.com/security/cve/CVE-2024-40905"
},
{
"category": "external",
"summary": "SUSE Bug 1227761 for CVE-2024-40905",
"url": "https://bugzilla.suse.com/1227761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a potential use-after-free in bpf_link_free()\n\nAfter commit 1a80dbcb2dba, bpf_link can be freed by\nlink-\u003eops-\u003edealloc_deferred, but the code still tests and uses\nlink-\u003eops-\u003edealloc afterward, which leads to a use-after-free as\nreported by syzbot. Actually, one of them should be sufficient, so\njust call one of them instead of both. Also add a WARN_ON() in case\nof any problematic implementation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40909",
"url": "https://www.suse.com/security/cve/CVE-2024-40909"
},
{
"category": "external",
"summary": "SUSE Bug 1227798 for CVE-2024-40909",
"url": "https://bugzilla.suse.com/1227798"
},
{
"category": "external",
"summary": "SUSE Bug 1228349 for CVE-2024-40909",
"url": "https://bugzilla.suse.com/1228349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40909"
},
{
"cve": "CVE-2024-40910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n refcount_t: decrement hit 0; leaking memory.\n refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x64/0x70\n ? __warn+0x83/0x120\n ? refcount_warn_saturate+0xb2/0x100\n ? report_bug+0x158/0x190\n ? prb_read_valid+0x20/0x30\n ? handle_bug+0x3e/0x70\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? refcount_warn_saturate+0xb2/0x100\n ? refcount_warn_saturate+0xb2/0x100\n ax25_release+0x2ad/0x360\n __sock_release+0x35/0xa0\n sock_close+0x19/0x20\n [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40910",
"url": "https://www.suse.com/security/cve/CVE-2024-40910"
},
{
"category": "external",
"summary": "SUSE Bug 1227832 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "external",
"summary": "SUSE Bug 1227902 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40910"
},
{
"cve": "CVE-2024-40911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Lock wiphy in cfg80211_get_station\n\nWiphy should be locked before calling rdev_get_station() (see lockdep\nassert in ieee80211_get_station()).\n\nThis fixes the following kernel NULL dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000\n [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000\n Internal error: Oops: 0000000096000006 [#1] SMP\n Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath\n CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705\n Hardware name: RPT (r1) (DT)\n Workqueue: bat_events batadv_v_elp_throughput_metric_update\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n lr : sta_set_sinfo+0xcc/0xbd4\n sp : ffff000007b43ad0\n x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98\n x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000\n x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc\n x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000\n x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d\n x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e\n x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000\n x8 : ffff000007b43d90 x7 : 000000007a1e2125 x6 : 0000000000000000\n x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90\n x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000\n Call trace:\n ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n sta_set_sinfo+0xcc/0xbd4\n ieee80211_get_station+0x2c/0x44\n cfg80211_get_station+0x80/0x154\n batadv_v_elp_get_throughput+0x138/0x1fc\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x1ec/0x414\n worker_thread+0x70/0x46c\n kthread+0xdc/0xe0\n ret_from_fork+0x10/0x20\n Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814)\n\nThis happens because STA has time to disconnect and reconnect before\nbatadv_v_elp_throughput_metric_update() delayed work gets scheduled. In\nthis situation, ath10k_sta_state() can be in the middle of resetting\narsta data when the work queue get chance to be scheduled and ends up\naccessing it. Locking wiphy prevents that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40911",
"url": "https://www.suse.com/security/cve/CVE-2024-40911"
},
{
"category": "external",
"summary": "SUSE Bug 1227792 for CVE-2024-40911",
"url": "https://bugzilla.suse.com/1227792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40911"
},
{
"cve": "CVE-2024-40912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta-\u003eps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta-\u003eps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40912",
"url": "https://www.suse.com/security/cve/CVE-2024-40912"
},
{
"category": "external",
"summary": "SUSE Bug 1227790 for CVE-2024-40912",
"url": "https://bugzilla.suse.com/1227790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: defer exposing anon_fd until after copy_to_user() succeeds\n\nAfter installing the anonymous fd, we can now see it in userland and close\nit. However, at this point we may not have gotten the reference count of\nthe cache, but we will put it during colse fd, so this may cause a cache\nUAF.\n\nSo grab the cache reference count before fd_install(). In addition, by\nkernel convention, fd is taken over by the user land after fd_install(),\nand the kernel should not call close_fd() after that, i.e., it should call\nfd_install() after everything is ready, thus fd_install() is called after\ncopy_to_user() succeeds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40913",
"url": "https://www.suse.com/security/cve/CVE-2024-40913"
},
{
"category": "external",
"summary": "SUSE Bug 1227839 for CVE-2024-40913",
"url": "https://bugzilla.suse.com/1227839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40913"
},
{
"cve": "CVE-2024-40916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40916",
"url": "https://www.suse.com/security/cve/CVE-2024-40916"
},
{
"category": "external",
"summary": "SUSE Bug 1227846 for CVE-2024-40916",
"url": "https://bugzilla.suse.com/1227846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40916"
},
{
"cve": "CVE-2024-40920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40920",
"url": "https://www.suse.com/security/cve/CVE-2024-40920"
},
{
"category": "external",
"summary": "SUSE Bug 1227781 for CVE-2024-40920",
"url": "https://bugzilla.suse.com/1227781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40920"
},
{
"cve": "CVE-2024-40921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40921",
"url": "https://www.suse.com/security/cve/CVE-2024-40921"
},
{
"category": "external",
"summary": "SUSE Bug 1227784 for CVE-2024-40921",
"url": "https://bugzilla.suse.com/1227784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40921"
},
{
"cve": "CVE-2024-40922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: don\u0027t lock while !TASK_RUNNING\n\nThere is a report of io_rsrc_ref_quiesce() locking a mutex while not\nTASK_RUNNING, which is due to forgetting restoring the state back after\nio_run_task_work_sig() and attempts to break out of the waiting loop.\n\ndo not call blocking ops when !TASK_RUNNING; state=1 set at\n[\u003cffffffff815d2494\u003e] prepare_to_wait+0xa4/0x380\nkernel/sched/wait.c:237\nWARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099\n__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nRIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nCall Trace:\n \u003cTASK\u003e\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752\n io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253\n io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799\n __io_uring_register io_uring/register.c:424 [inline]\n __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40922",
"url": "https://www.suse.com/security/cve/CVE-2024-40922"
},
{
"category": "external",
"summary": "SUSE Bug 1227785 for CVE-2024-40922",
"url": "https://bugzilla.suse.com/1227785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-40922"
},
{
"cve": "CVE-2024-40924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dpt: Make DPT object unshrinkable\n\nIn some scenarios, the DPT object gets shrunk but\nthe actual framebuffer did not and thus its still\nthere on the DPT\u0027s vm-\u003ebound_list. Then it tries to\nrewrite the PTEs via a stale CPU mapping. This causes panic.\n\n[vsyrjala: Add TODO comment]\n(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40924",
"url": "https://www.suse.com/security/cve/CVE-2024-40924"
},
{
"category": "external",
"summary": "SUSE Bug 1227787 for CVE-2024-40924",
"url": "https://bugzilla.suse.com/1227787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40924"
},
{
"cve": "CVE-2024-40926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: don\u0027t attempt to schedule hpd_work on headless cards\n\nIf the card doesn\u0027t have display hardware, hpd_work and hpd_lock are\nleft uninitialized which causes BUG when attempting to schedule hpd_work\non runtime PM resume.\n\nFix it by adding headless flag to DRM and skip any hpd if it\u0027s set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40926",
"url": "https://www.suse.com/security/cve/CVE-2024-40926"
},
{
"category": "external",
"summary": "SUSE Bug 1227791 for CVE-2024-40926",
"url": "https://bugzilla.suse.com/1227791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40926"
},
{
"cve": "CVE-2024-40927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Handle TD clearing for multiple streams case\n\nWhen multiple streams are in use, multiple TDs might be in flight when\nan endpoint is stopped. We need to issue a Set TR Dequeue Pointer for\neach, to ensure everything is reset properly and the caches cleared.\nChange the logic so that any N\u003e1 TDs found active for different streams\nare deferred until after the first one is processed, calling\nxhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to\nqueue another command until we are done with all of them. Also change\nthe error/\"should never happen\" paths to ensure we at least clear any\naffected TDs, even if we can\u0027t issue a command to clear the hardware\ncache, and complain loudly with an xhci_warn() if this ever happens.\n\nThis problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct\nassumptions about number of rings per endpoint.\") early on in the XHCI\ndriver\u0027s life, when stream support was first added.\nIt was then identified but not fixed nor made into a warning in commit\n674f8438c121 (\"xhci: split handling halted endpoints into two steps\"),\nwhich added a FIXME comment for the problem case (without materially\nchanging the behavior as far as I can tell, though the new logic made\nthe problem more obvious).\n\nThen later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some\ncached cancelled URBs.\"), it was acknowledged again.\n\n[Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached\ncancelled URBs.\") was a targeted regression fix to the previously mentioned\npatch. Users reported issues with usb stuck after unmounting/disconnecting\nUAS devices. This rolled back the TD clearing of multiple streams to its\noriginal state.]\n\nApparently the commit author was aware of the problem (yet still chose\nto submit it): It was still mentioned as a FIXME, an xhci_dbg() was\nadded to log the problem condition, and the remaining issue was mentioned\nin the commit description. The choice of making the log type xhci_dbg()\nfor what is, at this point, a completely unhandled and known broken\ncondition is puzzling and unfortunate, as it guarantees that no actual\nusers would see the log in production, thereby making it nigh\nundebuggable (indeed, even if you turn on DEBUG, the message doesn\u0027t\nreally hint at there being a problem at all).\n\nIt took me *months* of random xHC crashes to finally find a reliable\nrepro and be able to do a deep dive debug session, which could all have\nbeen avoided had this unhandled, broken condition been actually reported\nwith a warning, as it should have been as a bug intentionally left in\nunfixed (never mind that it shouldn\u0027t have been left in at all).\n\n\u003e Another fix to solve clearing the caches of all stream rings with\n\u003e cancelled TDs is needed, but not as urgent.\n\n3 years after that statement and 14 years after the original bug was\nintroduced, I think it\u0027s finally time to fix it. And maybe next time\nlet\u0027s not leave bugs unfixed (that are actually worse than the original\nbug), and let\u0027s actually get people to review kernel commits please.\n\nFixes xHC crashes and IOMMU faults with UAS devices when handling\nerrors/faults. Easiest repro is to use `hdparm` to mark an early sector\n(e.g. 1024) on a disk as bad, then `cat /dev/sdX \u003e /dev/null` in a loop.\nAt least in the case of JMicron controllers, the read errors end up\nhaving to cancel two TDs (for two queued requests to different streams)\nand the one that didn\u0027t get cleared properly ends up faulting the xHC\nentirely when it tries to access DMA pages that have since been unmapped,\nreferred to by the stale TDs. This normally happens quickly (after two\nor three loops). After this fix, I left the `cat` in a loop running\novernight and experienced no xHC failures, with all read errors\nrecovered properly. Repro\u0027d and tested on an Apple M1 Mac Mini\n(dwc3 host).\n\nOn systems without an IOMMU, this bug would instead silently corrupt\nfreed memory, making this a\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40927",
"url": "https://www.suse.com/security/cve/CVE-2024-40927"
},
{
"category": "external",
"summary": "SUSE Bug 1227816 for CVE-2024-40927",
"url": "https://bugzilla.suse.com/1227816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40927"
},
{
"cve": "CVE-2024-40929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40929",
"url": "https://www.suse.com/security/cve/CVE-2024-40929"
},
{
"category": "external",
"summary": "SUSE Bug 1227774 for CVE-2024-40929",
"url": "https://bugzilla.suse.com/1227774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40929"
},
{
"cve": "CVE-2024-40930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: validate HE operation element parsing\n\nValidate that the HE operation element has the correct\nlength before parsing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40930",
"url": "https://www.suse.com/security/cve/CVE-2024-40930"
},
{
"category": "external",
"summary": "SUSE Bug 1228236 for CVE-2024-40930",
"url": "https://bugzilla.suse.com/1228236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40930"
},
{
"cve": "CVE-2024-40932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40932",
"url": "https://www.suse.com/security/cve/CVE-2024-40932"
},
{
"category": "external",
"summary": "SUSE Bug 1227828 for CVE-2024-40932",
"url": "https://bugzilla.suse.com/1227828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40932"
},
{
"cve": "CVE-2024-40934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()\n\nFix a memory leak on logi_dj_recv_send_report() error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40934",
"url": "https://www.suse.com/security/cve/CVE-2024-40934"
},
{
"category": "external",
"summary": "SUSE Bug 1227796 for CVE-2024-40934",
"url": "https://bugzilla.suse.com/1227796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40934"
},
{
"cve": "CVE-2024-40936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40936",
"url": "https://www.suse.com/security/cve/CVE-2024-40936"
},
{
"category": "external",
"summary": "SUSE Bug 1227833 for CVE-2024-40936",
"url": "https://bugzilla.suse.com/1227833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40936"
},
{
"cve": "CVE-2024-40938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory\u0027s d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40938",
"url": "https://www.suse.com/security/cve/CVE-2024-40938"
},
{
"category": "external",
"summary": "SUSE Bug 1227840 for CVE-2024-40938",
"url": "https://bugzilla.suse.com/1227840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40938"
},
{
"cve": "CVE-2024-40939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40939",
"url": "https://www.suse.com/security/cve/CVE-2024-40939"
},
{
"category": "external",
"summary": "SUSE Bug 1227799 for CVE-2024-40939",
"url": "https://bugzilla.suse.com/1227799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40939"
},
{
"cve": "CVE-2024-40941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won\u0027t see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40941",
"url": "https://www.suse.com/security/cve/CVE-2024-40941"
},
{
"category": "external",
"summary": "SUSE Bug 1227771 for CVE-2024-40941",
"url": "https://bugzilla.suse.com/1227771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40942"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....\u003e...........\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6\u0027.......Xy.....\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40942",
"url": "https://www.suse.com/security/cve/CVE-2024-40942"
},
{
"category": "external",
"summary": "SUSE Bug 1227770 for CVE-2024-40942",
"url": "https://bugzilla.suse.com/1227770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40943",
"url": "https://www.suse.com/security/cve/CVE-2024-40943"
},
{
"category": "external",
"summary": "SUSE Bug 1227849 for CVE-2024-40943",
"url": "https://bugzilla.suse.com/1227849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40943"
},
{
"cve": "CVE-2024-40944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: Fix bug with call depth tracking\n\nThe call to cc_platform_has() triggers a fault and system crash if call depth\ntracking is active because the GS segment has been reset by load_segments() and\nGS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.\n\nCall cc_platform_has() earlier in the function when GS is still valid.\n\n [ bp: Massage. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40944",
"url": "https://www.suse.com/security/cve/CVE-2024-40944"
},
{
"category": "external",
"summary": "SUSE Bug 1227883 for CVE-2024-40944",
"url": "https://bugzilla.suse.com/1227883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40944"
},
{
"cve": "CVE-2024-40945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40945",
"url": "https://www.suse.com/security/cve/CVE-2024-40945"
},
{
"category": "external",
"summary": "SUSE Bug 1227802 for CVE-2024-40945",
"url": "https://bugzilla.suse.com/1227802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40945"
},
{
"cve": "CVE-2024-40954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40954",
"url": "https://www.suse.com/security/cve/CVE-2024-40954"
},
{
"category": "external",
"summary": "SUSE Bug 1227808 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "external",
"summary": "SUSE Bug 1228786 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1228786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40954"
},
{
"cve": "CVE-2024-40956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40956",
"url": "https://www.suse.com/security/cve/CVE-2024-40956"
},
{
"category": "external",
"summary": "SUSE Bug 1227810 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "external",
"summary": "SUSE Bug 1228585 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1228585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40956"
},
{
"cve": "CVE-2024-40957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors\n\ninput_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for\nPREROUTING hook, in PREROUTING hook, we should passing a valid indev,\nand a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer\ndereference, as below:\n\n [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090\n [74830.655633] #PF: supervisor read access in kernel mode\n [74830.657888] #PF: error_code(0x0000) - not-present page\n [74830.659500] PGD 0 P4D 0\n [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI\n ...\n [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n ...\n [74830.689725] Call Trace:\n [74830.690402] \u003cIRQ\u003e\n [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]\n [74830.694275] ? __die_body.cold+0x8/0xd\n [74830.695205] ? page_fault_oops+0xac/0x140\n [74830.696244] ? exc_page_fault+0x62/0x150\n [74830.697225] ? asm_exc_page_fault+0x22/0x30\n [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]\n [74830.700758] ? ip6_route_input+0x19d/0x240\n [74830.701752] nf_hook_slow+0x3f/0xb0\n [74830.702678] input_action_end_dx4+0x19b/0x1e0\n [74830.703735] ? input_action_end_t+0xe0/0xe0\n [74830.704734] seg6_local_input_core+0x2d/0x60\n [74830.705782] lwtunnel_input+0x5b/0xb0\n [74830.706690] __netif_receive_skb_one_core+0x63/0xa0\n [74830.707825] process_backlog+0x99/0x140\n [74830.709538] __napi_poll+0x2c/0x160\n [74830.710673] net_rx_action+0x296/0x350\n [74830.711860] __do_softirq+0xcb/0x2ac\n [74830.713049] do_softirq+0x63/0x90\n\ninput_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally\ntrigger a NULL dereference in rpfilter_mt()-\u003erpfilter_is_loopback():\n\n static bool\n rpfilter_is_loopback(const struct sk_buff *skb,\n \t const struct net_device *in)\n {\n // in is NULL\n return skb-\u003epkt_type == PACKET_LOOPBACK ||\n \t in-\u003eflags \u0026 IFF_LOOPBACK;\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40957",
"url": "https://www.suse.com/security/cve/CVE-2024-40957"
},
{
"category": "external",
"summary": "SUSE Bug 1227811 for CVE-2024-40957",
"url": "https://bugzilla.suse.com/1227811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40957"
},
{
"cve": "CVE-2024-40958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetns: Make get_net_ns() handle zero refcount net\n\nSyzkaller hit a warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\nModules linked in:\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\nFS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0xa3/0xc0\n ? __warn+0xa5/0x1c0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? report_bug+0x1fc/0x2d0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? handle_bug+0xa1/0x110\n ? exc_invalid_op+0x3c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? __warn_printk+0xcc/0x140\n ? __warn_printk+0xd5/0x140\n ? refcount_warn_saturate+0xdf/0x1d0\n get_net_ns+0xa4/0xc0\n ? __pfx_get_net_ns+0x10/0x10\n open_related_ns+0x5a/0x130\n __tun_chr_ioctl+0x1616/0x2370\n ? __sanitizer_cov_trace_switch+0x58/0xa0\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\n ? __pfx_tun_chr_ioctl+0x10/0x10\n tun_chr_ioctl+0x2f/0x40\n __x64_sys_ioctl+0x11b/0x160\n x64_sys_call+0x1211/0x20d0\n do_syscall_64+0x9e/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5b28f165d7\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nThis is trigger as below:\n ns0 ns1\ntun_set_iff() //dev is tun0\n tun-\u003edev = dev\n//ip link set tun0 netns ns1\n put_net() //ref is 0\n__tun_chr_ioctl() //TUNGETDEVNETNS\n net = dev_net(tun-\u003edev);\n open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\n get_net_ns()\n get_net() //addition on 0\n\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40958",
"url": "https://www.suse.com/security/cve/CVE-2024-40958"
},
{
"category": "external",
"summary": "SUSE Bug 1227812 for CVE-2024-40958",
"url": "https://bugzilla.suse.com/1227812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-40959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()\n\nip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: wg-kex-wg1 wg_packet_handshake_send_worker\n RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64\nCode: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00\nRSP: 0018:ffffc90000117378 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7\nRDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98\nRBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000\nR10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline]\n xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline]\n xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541\n xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835\n xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline]\n xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201\n xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline]\n xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309\n ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256\n send6+0x611/0xd20 drivers/net/wireguard/socket.c:139\n wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178\n wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200\n wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40\n wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40959",
"url": "https://www.suse.com/security/cve/CVE-2024-40959"
},
{
"category": "external",
"summary": "SUSE Bug 1227884 for CVE-2024-40959",
"url": "https://bugzilla.suse.com/1227884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: allocate dummy checksums for zoned NODATASUM writes\n\nShin\u0027ichiro reported that when he\u0027s running fstests\u0027 test-case\nbtrfs/167 on emulated zoned devices, he\u0027s seeing the following NULL\npointer dereference in \u0027btrfs_zone_finish_endio()\u0027:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 4 PID: 2332440 Comm: kworker/u80:15 Tainted: G W 6.10.0-rc2-kts+ #4\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n RIP: 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n\n RSP: 0018:ffff88867f107a90 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff893e5534\n RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088\n RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed1081696028\n R10: ffff88840b4b0143 R11: ffff88834dfff600 R12: ffff88840b4b0000\n R13: 0000000000020000 R14: 0000000000000000 R15: ffff888530ad5210\n FS: 0000000000000000(0000) GS:ffff888e3f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f87223fff38 CR3: 00000007a7c6a002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die_addr+0x46/0x70\n ? exc_general_protection+0x14f/0x250\n ? asm_exc_general_protection+0x26/0x30\n ? do_raw_read_unlock+0x44/0x70\n ? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n btrfs_finish_one_ordered+0x5d9/0x19a0 [btrfs]\n ? __pfx_lock_release+0x10/0x10\n ? do_raw_write_lock+0x90/0x260\n ? __pfx_do_raw_write_lock+0x10/0x10\n ? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs]\n ? _raw_write_unlock+0x23/0x40\n ? btrfs_finish_ordered_zoned+0x5a9/0x850 [btrfs]\n ? lock_acquire+0x435/0x500\n btrfs_work_helper+0x1b1/0xa70 [btrfs]\n ? __schedule+0x10a8/0x60b0\n ? __pfx___might_resched+0x10/0x10\n process_one_work+0x862/0x1410\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5e6/0x1010\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2c3/0x3a0\n ? trace_irq_enable.constprop.0+0xce/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nEnabling CONFIG_BTRFS_ASSERT revealed the following assertion to\ntrigger:\n\n assertion failed: !list_empty(\u0026ordered-\u003elist), in fs/btrfs/zoned.c:1815\n\nThis indicates, that we\u0027re missing the checksums list on the\nordered_extent. As btrfs/167 is doing a NOCOW write this is to be\nexpected.\n\nFurther analysis with drgn confirmed the assumption:\n\n \u003e\u003e\u003e inode = prog.crashed_thread().stack_trace()[11][\u0027ordered\u0027].inode\n \u003e\u003e\u003e btrfs_inode = drgn.container_of(inode, \"struct btrfs_inode\", \\\n \t\t\t\t\"vfs_inode\")\n \u003e\u003e\u003e print(btrfs_inode.flags)\n (u32)1\n\nAs zoned emulation mode simulates conventional zones on regular devices,\nwe cannot use zone-append for writing. But we\u0027re only attaching dummy\nchecksums if we\u0027re doing a zone-append write.\n\nSo for NOCOW zoned data writes on conventional zones, also attach a\ndummy checksum.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40962",
"url": "https://www.suse.com/security/cve/CVE-2024-40962"
},
{
"category": "external",
"summary": "SUSE Bug 1227815 for CVE-2024-40962",
"url": "https://bugzilla.suse.com/1227815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40962"
},
{
"cve": "CVE-2024-40964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()\n\nThe cs35l41_hda_unbind() function clears the hda_component entry\nmatching it\u0027s index and then dereferences the codec pointer held in the\nfirst element of the hda_component array, this is an issue when the\ndevice index was 0.\n\nInstead use the codec pointer stashed in the cs35l41_hda structure as it\nwill still be valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40964",
"url": "https://www.suse.com/security/cve/CVE-2024-40964"
},
{
"category": "external",
"summary": "SUSE Bug 1227818 for CVE-2024-40964",
"url": "https://bugzilla.suse.com/1227818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40964"
},
{
"cve": "CVE-2024-40967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40967",
"url": "https://www.suse.com/security/cve/CVE-2024-40967"
},
{
"category": "external",
"summary": "SUSE Bug 1227891 for CVE-2024-40967",
"url": "https://bugzilla.suse.com/1227891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40967"
},
{
"cve": "CVE-2024-40976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: mask irqs in timeout path before hard reset\n\nThere is a race condition in which a rendering job might take just long\nenough to trigger the drm sched job timeout handler but also still\ncomplete before the hard reset is done by the timeout handler.\nThis runs into race conditions not expected by the timeout handler.\nIn some very specific cases it currently may result in a refcount\nimbalance on lima_pm_idle, with a stack dump such as:\n\n[10136.669170] WARNING: CPU: 0 PID: 0 at drivers/gpu/drm/lima/lima_devfreq.c:205 lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669459] pc : lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669628] Call trace:\n[10136.669634] lima_devfreq_record_idle+0xa0/0xb0\n[10136.669646] lima_sched_pipe_task_done+0x5c/0xb0\n[10136.669656] lima_gp_irq_handler+0xa8/0x120\n[10136.669666] __handle_irq_event_percpu+0x48/0x160\n[10136.669679] handle_irq_event+0x4c/0xc0\n\nWe can prevent that race condition entirely by masking the irqs at the\nbeginning of the timeout handler, at which point we give up on waiting\nfor that job entirely.\nThe irqs will be enabled again at the next hard reset which is already\ndone as a recovery by the timeout handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40976",
"url": "https://www.suse.com/security/cve/CVE-2024-40976"
},
{
"category": "external",
"summary": "SUSE Bug 1227893 for CVE-2024-40976",
"url": "https://bugzilla.suse.com/1227893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40976"
},
{
"cve": "CVE-2024-40977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40977"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40977",
"url": "https://www.suse.com/security/cve/CVE-2024-40977"
},
{
"category": "external",
"summary": "SUSE Bug 1227950 for CVE-2024-40977",
"url": "https://bugzilla.suse.com/1227950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40977"
},
{
"cve": "CVE-2024-40978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40978",
"url": "https://www.suse.com/security/cve/CVE-2024-40978"
},
{
"category": "external",
"summary": "SUSE Bug 1227929 for CVE-2024-40978",
"url": "https://bugzilla.suse.com/1227929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [\u003cffff8000801dae10\u003e] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [\u003cffff80008aab71c4\u003e] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [\u003cffff80008aab71c4\u003e] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40981",
"url": "https://www.suse.com/security/cve/CVE-2024-40981"
},
{
"category": "external",
"summary": "SUSE Bug 1227864 for CVE-2024-40981",
"url": "https://bugzilla.suse.com/1227864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-40981"
},
{
"cve": "CVE-2024-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40982"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40982",
"url": "https://www.suse.com/security/cve/CVE-2024-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1227865 for CVE-2024-40982",
"url": "https://bugzilla.suse.com/1227865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40982"
},
{
"cve": "CVE-2024-40984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary\u0027s end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary\u0027s\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40984",
"url": "https://www.suse.com/security/cve/CVE-2024-40984"
},
{
"category": "external",
"summary": "SUSE Bug 1227820 for CVE-2024-40984",
"url": "https://bugzilla.suse.com/1227820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40984"
},
{
"cve": "CVE-2024-40987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40987",
"url": "https://www.suse.com/security/cve/CVE-2024-40987"
},
{
"category": "external",
"summary": "SUSE Bug 1228235 for CVE-2024-40987",
"url": "https://bugzilla.suse.com/1228235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40987"
},
{
"cve": "CVE-2024-40988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40988",
"url": "https://www.suse.com/security/cve/CVE-2024-40988"
},
{
"category": "external",
"summary": "SUSE Bug 1227957 for CVE-2024-40988",
"url": "https://bugzilla.suse.com/1227957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40988"
},
{
"cve": "CVE-2024-40989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don\u0027t have\nany dangling pointer to that region stored in a vcpu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40989",
"url": "https://www.suse.com/security/cve/CVE-2024-40989"
},
{
"category": "external",
"summary": "SUSE Bug 1227823 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "external",
"summary": "SUSE Bug 1228589 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1228589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40989"
},
{
"cve": "CVE-2024-40990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Add check for srq max_sge attribute\n\nmax_sge attribute is passed by the user, and is inserted and used\nunchecked, so verify that the value doesn\u0027t exceed maximum allowed value\nbefore using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40990",
"url": "https://www.suse.com/security/cve/CVE-2024-40990"
},
{
"category": "external",
"summary": "SUSE Bug 1227824 for CVE-2024-40990",
"url": "https://bugzilla.suse.com/1227824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40990"
},
{
"cve": "CVE-2024-40992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix responder length checking for UD request packets\n\nAccording to the IBA specification:\nIf a UD request packet is detected with an invalid length, the request\nshall be an invalid request and it shall be silently dropped by\nthe responder. The responder then waits for a new request packet.\n\ncommit 689c5421bfe0 (\"RDMA/rxe: Fix incorrect responder length checking\")\ndefers responder length check for UD QPs in function `copy_data`.\nBut it introduces a regression issue for UD QPs.\n\nWhen the packet size is too large to fit in the receive buffer.\n`copy_data` will return error code -EINVAL. Then `send_data_in`\nwill return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into\nERROR state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40992",
"url": "https://www.suse.com/security/cve/CVE-2024-40992"
},
{
"category": "external",
"summary": "SUSE Bug 1227826 for CVE-2024-40992",
"url": "https://bugzilla.suse.com/1227826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40992"
},
{
"cve": "CVE-2024-40994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40994",
"url": "https://www.suse.com/security/cve/CVE-2024-40994"
},
{
"category": "external",
"summary": "SUSE Bug 1227829 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "external",
"summary": "SUSE Bug 1228587 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1228587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-40994"
},
{
"cve": "CVE-2024-40995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\u003cTASK\u003e\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40995",
"url": "https://www.suse.com/security/cve/CVE-2024-40995"
},
{
"category": "external",
"summary": "SUSE Bug 1227830 for CVE-2024-40995",
"url": "https://bugzilla.suse.com/1227830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-40997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix memory leak on CPU EPP exit\n\nThe cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is\nnot freed in the analogous exit function, so fix that.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40997",
"url": "https://www.suse.com/security/cve/CVE-2024-40997"
},
{
"category": "external",
"summary": "SUSE Bug 1227853 for CVE-2024-40997",
"url": "https://bugzilla.suse.com/1227853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-40997"
},
{
"cve": "CVE-2024-41000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[ 62.982337] ------------[ cut here ]------------\n[ 62.985692] cgroup: Invalid name\n[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[ 62.999369] random: crng reseeded on system resumption\n[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 63.000682] Call Trace:\n[ 63.000686] \u003cTASK\u003e\n[ 63.000731] dump_stack_lvl+0x93/0xd0\n[ 63.000919] __get_user_pages+0x903/0xd30\n[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0\n[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50\n[ 63.001072] ? try_get_folio+0x29c/0x2d0\n[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530\n[ 63.001109] iov_iter_extract_pages+0x23b/0x580\n[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220\n[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410\n[ 63.001297] __iomap_dio_rw+0xab4/0x1810\n[ 63.001316] iomap_dio_rw+0x45/0xa0\n[ 63.001328] ext4_file_write_iter+0xdde/0x1390\n[ 63.001372] vfs_write+0x599/0xbd0\n[ 63.001394] ksys_write+0xc8/0x190\n[ 63.001403] do_syscall_64+0xd4/0x1b0\n[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[ 63.001535] RIP: 0033:0x7f7fd3ebf539\n[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[ 63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41000",
"url": "https://www.suse.com/security/cve/CVE-2024-41000"
},
{
"category": "external",
"summary": "SUSE Bug 1227867 for CVE-2024-41000",
"url": "https://bugzilla.suse.com/1227867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there\u0027s a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 2e481b1a):\n[\u003c00000000c0a26af4\u003e] kmemleak_alloc+0x30/0x38\n[\u003c000000009c30bb45\u003e] kmalloc_trace+0x228/0x358\n[\u003c000000009da9d39f\u003e] __audit_sockaddr+0xd0/0x138\n[\u003c0000000089a93e34\u003e] move_addr_to_kernel+0x1a0/0x1f8\n[\u003c000000000b4e80e6\u003e] io_connect_prep+0x1ec/0x2d4\n[\u003c00000000abfbcd99\u003e] io_submit_sqes+0x588/0x1e48\n[\u003c00000000e7c25e07\u003e] io_sq_thread+0x8a4/0x10e4\n[\u003c00000000d999b491\u003e] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n audit call.\n2) The thread hasn\u0027t done any operations before this that triggered\n an audit call inside -\u003eissue(), where we have audit_uring_entry()\n and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41001",
"url": "https://www.suse.com/security/cve/CVE-2024-41001"
},
{
"category": "external",
"summary": "SUSE Bug 1227869 for CVE-2024-41001",
"url": "https://bugzilla.suse.com/1227869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41001"
},
{
"cve": "CVE-2024-41002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - Fix memory leak for sec resource release\n\nThe AIV is one of the SEC resources. When releasing resources,\nit need to release the AIV resources at the same time.\nOtherwise, memory leakage occurs.\n\nThe aiv resource release is added to the sec resource release\nfunction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41002",
"url": "https://www.suse.com/security/cve/CVE-2024-41002"
},
{
"category": "external",
"summary": "SUSE Bug 1227870 for CVE-2024-41002",
"url": "https://bugzilla.suse.com/1227870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41002"
},
{
"cve": "CVE-2024-41004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 \u003c0f\u003e 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \u003cTASK\u003e\n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \u003c/TASK\u003e\n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [\u003cffffffff8110bc0c\u003e] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [\u003cffffffff8110bbf1\u003e] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [\u003cffffffff8108e17f\u003e] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [\u003cffffffff8108e346\u003e] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41004",
"url": "https://www.suse.com/security/cve/CVE-2024-41004"
},
{
"category": "external",
"summary": "SUSE Bug 1227851 for CVE-2024-41004",
"url": "https://bugzilla.suse.com/1227851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41004"
},
{
"cve": "CVE-2024-41007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has \u0027expired\u0027.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41007",
"url": "https://www.suse.com/security/cve/CVE-2024-41007"
},
{
"category": "external",
"summary": "SUSE Bug 1227863 for CVE-2024-41007",
"url": "https://bugzilla.suse.com/1227863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-41007"
},
{
"cve": "CVE-2024-41009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41009",
"url": "https://www.suse.com/security/cve/CVE-2024-41009"
},
{
"category": "external",
"summary": "SUSE Bug 1228020 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "external",
"summary": "SUSE Bug 1245988 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1245988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41009"
},
{
"cve": "CVE-2024-41010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix too early release of tcx_entry\n\nPedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported\nan issue that the tcx_entry can be released too early leading to a use\nafter free (UAF) when an active old-style ingress or clsact qdisc with a\nshared tc block is later replaced by another ingress or clsact instance.\n\nEssentially, the sequence to trigger the UAF (one example) can be as follows:\n\n 1. A network namespace is created\n 2. An ingress qdisc is created. This allocates a tcx_entry, and\n \u0026tcx_entry-\u003eminiq is stored in the qdisc\u0027s miniqp-\u003ep_miniq. At the\n same time, a tcf block with index 1 is created.\n 3. chain0 is attached to the tcf block. chain0 must be connected to\n the block linked to the ingress qdisc to later reach the function\n tcf_chain0_head_change_cb_del() which triggers the UAF.\n 4. Create and graft a clsact qdisc. This causes the ingress qdisc\n created in step 1 to be removed, thus freeing the previously linked\n tcx_entry:\n\n rtnetlink_rcv_msg()\n =\u003e tc_modify_qdisc()\n =\u003e qdisc_create()\n =\u003e clsact_init() [a]\n =\u003e qdisc_graft()\n =\u003e qdisc_destroy()\n =\u003e __qdisc_destroy()\n =\u003e ingress_destroy() [b]\n =\u003e tcx_entry_free()\n =\u003e kfree_rcu() // tcx_entry freed\n\n 5. Finally, the network namespace is closed. This registers the\n cleanup_net worker, and during the process of releasing the\n remaining clsact qdisc, it accesses the tcx_entry that was\n already freed in step 4, causing the UAF to occur:\n\n cleanup_net()\n =\u003e ops_exit_list()\n =\u003e default_device_exit_batch()\n =\u003e unregister_netdevice_many()\n =\u003e unregister_netdevice_many_notify()\n =\u003e dev_shutdown()\n =\u003e qdisc_put()\n =\u003e clsact_destroy() [c]\n =\u003e tcf_block_put_ext()\n =\u003e tcf_chain0_head_change_cb_del()\n =\u003e tcf_chain_head_change_item()\n =\u003e clsact_chain_head_change()\n =\u003e mini_qdisc_pair_swap() // UAF\n\nThere are also other variants, the gist is to add an ingress (or clsact)\nqdisc with a specific shared block, then to replace that qdisc, waiting\nfor the tcx_entry kfree_rcu() to be executed and subsequently accessing\nthe current active qdisc\u0027s miniq one way or another.\n\nThe correct fix is to turn the miniq_active boolean into a counter. What\ncan be observed, at step 2 above, the counter transitions from 0-\u003e1, at\nstep [a] from 1-\u003e2 (in order for the miniq object to remain active during\nthe replacement), then in [b] from 2-\u003e1 and finally [c] 1-\u003e0 with the\neventual release. The reference counter in general ranges from [0,2] and\nit does not need to be atomic since all access to the counter is protected\nby the rtnl mutex. With this in place, there is no longer a UAF happening\nand the tcx_entry is freed at the correct time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41010",
"url": "https://www.suse.com/security/cve/CVE-2024-41010"
},
{
"category": "external",
"summary": "SUSE Bug 1228021 for CVE-2024-41010",
"url": "https://bugzilla.suse.com/1228021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41010"
},
{
"cve": "CVE-2024-41012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can\u0027t corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41012",
"url": "https://www.suse.com/security/cve/CVE-2024-41012"
},
{
"category": "external",
"summary": "SUSE Bug 1228247 for CVE-2024-41012",
"url": "https://bugzilla.suse.com/1228247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41012"
},
{
"cve": "CVE-2024-41015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don\u0027t stray beyond valid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41015",
"url": "https://www.suse.com/security/cve/CVE-2024-41015"
},
{
"category": "external",
"summary": "SUSE Bug 1228409 for CVE-2024-41015",
"url": "https://bugzilla.suse.com/1228409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41015"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41020",
"url": "https://www.suse.com/security/cve/CVE-2024-41020"
},
{
"category": "external",
"summary": "SUSE Bug 1228427 for CVE-2024-41020",
"url": "https://bugzilla.suse.com/1228427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41020"
},
{
"cve": "CVE-2024-41022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41022",
"url": "https://www.suse.com/security/cve/CVE-2024-41022"
},
{
"category": "external",
"summary": "SUSE Bug 1228429 for CVE-2024-41022",
"url": "https://bugzilla.suse.com/1228429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41022"
},
{
"cve": "CVE-2024-41024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41024"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41024",
"url": "https://www.suse.com/security/cve/CVE-2024-41024"
},
{
"category": "external",
"summary": "SUSE Bug 1228525 for CVE-2024-41024",
"url": "https://bugzilla.suse.com/1228525"
},
{
"category": "external",
"summary": "SUSE Bug 1229274 for CVE-2024-41024",
"url": "https://bugzilla.suse.com/1229274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41024"
},
{
"cve": "CVE-2024-41025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41025",
"url": "https://www.suse.com/security/cve/CVE-2024-41025"
},
{
"category": "external",
"summary": "SUSE Bug 1228527 for CVE-2024-41025",
"url": "https://bugzilla.suse.com/1228527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41025"
},
{
"cve": "CVE-2024-41028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41028",
"url": "https://www.suse.com/security/cve/CVE-2024-41028"
},
{
"category": "external",
"summary": "SUSE Bug 1228539 for CVE-2024-41028",
"url": "https://bugzilla.suse.com/1228539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41028"
},
{
"cve": "CVE-2024-41032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmalloc: check if a hash-index is in cpu_possible_mask\n\nThe problem is that there are systems where cpu_possible_mask has gaps\nbetween set CPUs, for example SPARC. In this scenario addr_to_vb_xa()\nhash function can return an index which accesses to not-possible and not\nsetup CPU area using per_cpu() macro. This results in an oops on SPARC.\n\nA per-cpu vmap_block_queue is also used as hash table, incorrectly\nassuming the cpu_possible_mask has no gaps. Fix it by adjusting an index\nto a next possible CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41032",
"url": "https://www.suse.com/security/cve/CVE-2024-41032"
},
{
"category": "external",
"summary": "SUSE Bug 1228460 for CVE-2024-41032",
"url": "https://bugzilla.suse.com/1228460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41032"
},
{
"cve": "CVE-2024-41035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor\u0027s bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41035",
"url": "https://www.suse.com/security/cve/CVE-2024-41035"
},
{
"category": "external",
"summary": "SUSE Bug 1228485 for CVE-2024-41035",
"url": "https://bugzilla.suse.com/1228485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41035"
},
{
"cve": "CVE-2024-41036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the \u0027statelock\u0027 spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n call trace:\n queued_spin_lock_slowpath+0x100/0x284\n do_raw_spin_lock+0x34/0x44\n ks8851_start_xmit_spi+0x30/0xb8\n ks8851_start_xmit+0x14/0x20\n netdev_start_xmit+0x40/0x6c\n dev_hard_start_xmit+0x6c/0xbc\n sch_direct_xmit+0xa4/0x22c\n __qdisc_run+0x138/0x3fc\n qdisc_run+0x24/0x3c\n net_tx_action+0xf8/0x130\n handle_softirqs+0x1ac/0x1f0\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x3c/0x58\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x54/0x9c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x50\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n __netif_schedule+0x6c/0x80\n netif_tx_wake_queue+0x38/0x48\n ks8851_irq+0xb8/0x2c8\n irq_thread_fn+0x2c/0x74\n irq_thread+0x10c/0x1b0\n kthread+0xc8/0xd8\n ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41036",
"url": "https://www.suse.com/security/cve/CVE-2024-41036"
},
{
"category": "external",
"summary": "SUSE Bug 1228496 for CVE-2024-41036",
"url": "https://bugzilla.suse.com/1228496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41036"
},
{
"cve": "CVE-2024-41037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: fix null deref on system suspend entry\n\nWhen system enters suspend with an active stream, SOF core\ncalls hw_params_upon_resume(). On Intel platforms with HDA DMA used\nto manage the link DMA, this leads to call chain of\n\n hda_dsp_set_hw_params_upon_resume()\n -\u003e hda_dsp_dais_suspend()\n -\u003e hda_dai_suspend()\n -\u003e hda_ipc4_post_trigger()\n\nA bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first,\nwhich clears hext_stream-\u003elink_substream, and then hda_ipc4_post_trigger()\nis called with a NULL snd_pcm_substream pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41037",
"url": "https://www.suse.com/security/cve/CVE-2024-41037"
},
{
"category": "external",
"summary": "SUSE Bug 1228508 for CVE-2024-41037",
"url": "https://bugzilla.suse.com/1228508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41037"
},
{
"cve": "CVE-2024-41038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers\n\nCheck that all fields of a V2 algorithm header fit into the available\nfirmware data buffer.\n\nThe wmfw V2 format introduced variable-length strings in the algorithm\nblock header. This means the overall header length is variable, and the\nposition of most fields varies depending on the length of the string\nfields. Each field must be checked to ensure that it does not overflow\nthe firmware data buffer.\n\nAs this ia bugfix patch, the fixes avoid making any significant change to\nthe existing code. This makes it easier to review and less likely to\nintroduce new bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41038",
"url": "https://www.suse.com/security/cve/CVE-2024-41038"
},
{
"category": "external",
"summary": "SUSE Bug 1228509 for CVE-2024-41038",
"url": "https://bugzilla.suse.com/1228509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41038"
},
{
"cve": "CVE-2024-41039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn\u0027t guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41039",
"url": "https://www.suse.com/security/cve/CVE-2024-41039"
},
{
"category": "external",
"summary": "SUSE Bug 1228515 for CVE-2024-41039",
"url": "https://bugzilla.suse.com/1228515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41039"
},
{
"cve": "CVE-2024-41040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix UAF when resolving a clash\n\nKASAN reports the following UAF:\n\n BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n Read of size 1 at addr ffff888c07603600 by task handler130/6469\n\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x48/0x70\n print_address_description.constprop.0+0x33/0x3d0\n print_report+0xc0/0x2b0\n kasan_report+0xd0/0x120\n __asan_load1+0x6c/0x80\n tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n tcf_ct_act+0x886/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n __irq_exit_rcu+0x82/0xc0\n irq_exit_rcu+0xe/0x20\n common_interrupt+0xa1/0xb0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x27/0x40\n\n Allocated by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_alloc_info+0x1e/0x40\n __kasan_krealloc+0x133/0x190\n krealloc+0xaa/0x130\n nf_ct_ext_add+0xed/0x230 [nf_conntrack]\n tcf_ct_act+0x1095/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\n Freed by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_free_info+0x2b/0x60\n ____kasan_slab_free+0x180/0x1f0\n __kasan_slab_free+0x12/0x30\n slab_free_freelist_hook+0xd2/0x1a0\n __kmem_cache_free+0x1a2/0x2f0\n kfree+0x78/0x120\n nf_conntrack_free+0x74/0x130 [nf_conntrack]\n nf_ct_destroy+0xb2/0x140 [nf_conntrack]\n __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack]\n nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack]\n __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack]\n tcf_ct_act+0x12ad/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\nThe ct may be dropped if a clash has been resolved but is still passed to\nthe tcf_ct_flow_table_process_conn function for further usage. This issue\ncan be fixed by retrieving ct from skb again after confirming conntrack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41040",
"url": "https://www.suse.com/security/cve/CVE-2024-41040"
},
{
"category": "external",
"summary": "SUSE Bug 1228518 for CVE-2024-41040",
"url": "https://bugzilla.suse.com/1228518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41040"
},
{
"cve": "CVE-2024-41041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().\n\nsyzkaller triggered the warning [0] in udp_v4_early_demux().\n\nIn udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount\nof the looked-up sk and use sock_pfree() as skb-\u003edestructor, so we check\nSOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace\nperiod.\n\nCurrently, SOCK_RCU_FREE is flagged for a bound socket after being put\ninto the hash table. Moreover, the SOCK_RCU_FREE check is done too early\nin udp_v[46]_early_demux() and sk_lookup(), so there could be a small race\nwindow:\n\n CPU1 CPU2\n ---- ----\n udp_v4_early_demux() udp_lib_get_port()\n | |- hlist_add_head_rcu()\n |- sk = __udp4_lib_demux_lookup() |\n |- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));\n `- sock_set_flag(sk, SOCK_RCU_FREE)\n\nWe had the same bug in TCP and fixed it in commit 871019b22d1b (\"net:\nset SOCK_RCU_FREE before inserting socket into hashtable\").\n\nLet\u0027s apply the same fix for UDP.\n\n[0]:\nWARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nModules linked in:\nCPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nCode: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe \u003c0f\u003e 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52\nRSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8318c92c\nRDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001\nRBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680\nR13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e\nFS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349\n ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624\n __netif_receive_skb+0x21/0xd0 net/core/dev.c:5738\n netif_receive_skb_internal net/core/dev.c:5824 [inline]\n netif_receive_skb+0x271/0x300 net/core/dev.c:5884\n tun_rx_batched drivers/net/tun.c:1549 [inline]\n tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002\n tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x76f/0x8d0 fs/read_write.c:590\n ksys_write+0xbf/0x190 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x41/0x50 fs/read_write.c:652\n x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fc44a68bc1f\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48\nRSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f\nR\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41041",
"url": "https://www.suse.com/security/cve/CVE-2024-41041"
},
{
"category": "external",
"summary": "SUSE Bug 1228520 for CVE-2024-41041",
"url": "https://bugzilla.suse.com/1228520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41041"
},
{
"cve": "CVE-2024-41044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince \u0027ppp_async_encode()\u0027 assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add \u0027ppp_check_packet()\u0027 to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41044",
"url": "https://www.suse.com/security/cve/CVE-2024-41044"
},
{
"category": "external",
"summary": "SUSE Bug 1228530 for CVE-2024-41044",
"url": "https://bugzilla.suse.com/1228530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41044"
},
{
"cve": "CVE-2024-41045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41045",
"url": "https://www.suse.com/security/cve/CVE-2024-41045"
},
{
"category": "external",
"summary": "SUSE Bug 1228531 for CVE-2024-41045",
"url": "https://bugzilla.suse.com/1228531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41045"
},
{
"cve": "CVE-2024-41048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Skip zero length skb in sk_msg_recvmsg\n\nWhen running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch\nplatform, the following kernel panic occurs:\n\n [...]\n Oops[#1]:\n CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18\n Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018\n ... ...\n ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560\n ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 0000000c (PPLV0 +PIE +PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n BADV: 0000000000000040\n PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)\n Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack\n Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...)\n Stack : ...\n Call Trace:\n [\u003c9000000004162774\u003e] copy_page_to_iter+0x74/0x1c0\n [\u003c90000000048bf6c0\u003e] sk_msg_recvmsg+0x120/0x560\n [\u003c90000000049f2b90\u003e] tcp_bpf_recvmsg_parser+0x170/0x4e0\n [\u003c90000000049aae34\u003e] inet_recvmsg+0x54/0x100\n [\u003c900000000481ad5c\u003e] sock_recvmsg+0x7c/0xe0\n [\u003c900000000481e1a8\u003e] __sys_recvfrom+0x108/0x1c0\n [\u003c900000000481e27c\u003e] sys_recvfrom+0x1c/0x40\n [\u003c9000000004c076ec\u003e] do_syscall+0x8c/0xc0\n [\u003c9000000003731da4\u003e] handle_syscall+0xc4/0x160\n Code: ...\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n Kernel relocated by 0x3510000\n .text @ 0x9000000003710000\n .data @ 0x9000000004d70000\n .bss @ 0x9000000006469400\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n [...]\n\nThis crash happens every time when running sockmap_skb_verdict_shutdown\nsubtest in sockmap_basic.\n\nThis crash is because a NULL pointer is passed to page_address() in the\nsk_msg_recvmsg(). Due to the different implementations depending on the\narchitecture, page_address(NULL) will trigger a panic on Loongarch\nplatform but not on x86 platform. So this bug was hidden on x86 platform\nfor a while, but now it is exposed on Loongarch platform. The root cause\nis that a zero length skb (skb-\u003elen == 0) was put on the queue.\n\nThis zero length skb is a TCP FIN packet, which was sent by shutdown(),\ninvoked in test_sockmap_skb_verdict_shutdown():\n\n\tshutdown(p1, SHUT_WR);\n\nIn this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no\npage is put to this sge (see sg_set_page in sg_set_page), but this empty\nsge is queued into ingress_msg list.\n\nAnd in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by\nsg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it\nto kmap_local_page() and to page_address(), then kernel panics.\n\nTo solve this, we should skip this zero length skb. So in sk_msg_recvmsg(),\nif copy is zero, that means it\u0027s a zero length skb, skip invoking\ncopy_page_to_iter(). We are using the EFAULT return triggered by\ncopy_page_to_iter to check for is_fin in tcp_bpf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41048",
"url": "https://www.suse.com/security/cve/CVE-2024-41048"
},
{
"category": "external",
"summary": "SUSE Bug 1228565 for CVE-2024-41048",
"url": "https://bugzilla.suse.com/1228565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41048"
},
{
"cve": "CVE-2024-41049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode\u0027s list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn\u0027t happen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41049",
"url": "https://www.suse.com/security/cve/CVE-2024-41049"
},
{
"category": "external",
"summary": "SUSE Bug 1228486 for CVE-2024-41049",
"url": "https://bugzilla.suse.com/1228486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41049"
},
{
"cve": "CVE-2024-41050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n t1 | t2 | t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, \u0026info-\u003ework)\n ondemand_object_worker\n cachefiles_ondemand_init_object(A)\n cachefiles_ondemand_send_req(OPEN)\n // get msg_id 6\n wait_for_completion(\u0026req_A-\u003edone)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n // Malicious completion msg_id 6\n copen 6,-1\n cachefiles_ondemand_copen\n complete(\u0026req_A-\u003edone)\n // will not set the object to close\n // because ondemand_id \u0026\u0026 fd is valid.\n\n // ondemand_object_worker() is done\n // but the object is still reopening.\n\n // new open req_B\n cachefiles_ondemand_init_object(B)\n cachefiles_ondemand_send_req(OPEN)\n // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41050",
"url": "https://www.suse.com/security/cve/CVE-2024-41050"
},
{
"category": "external",
"summary": "SUSE Bug 1228499 for CVE-2024-41050",
"url": "https://bugzilla.suse.com/1228499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41050"
},
{
"cve": "CVE-2024-41051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: wait for ondemand_object_worker to finish when dropping object\n\nWhen queuing ondemand_object_worker() to re-open the object,\ncachefiles_object is not pinned. The cachefiles_object may be freed when\nthe pending read request is completed intentionally and the related\nerofs is umounted. If ondemand_object_worker() runs after the object is\nfreed, it will incur use-after-free problem as shown below.\n\nprocess A processs B process C process D\n\ncachefiles_ondemand_send_req()\n// send a read req X\n// wait for its completion\n\n // close ondemand fd\n cachefiles_ondemand_fd_release()\n // set object as CLOSE\n\n cachefiles_ondemand_daemon_read()\n // set object as REOPENING\n queue_work(fscache_wq, \u0026info-\u003eondemand_work)\n\n // close /dev/cachefiles\n cachefiles_daemon_release\n cachefiles_flush_reqs\n complete(\u0026req-\u003edone)\n\n// read req X is completed\n// umount the erofs fs\ncachefiles_put_object()\n// object will be freed\ncachefiles_ondemand_deinit_obj_info()\nkmem_cache_free(object)\n // both info and object are freed\n ondemand_object_worker()\n\nWhen dropping an object, it is no longer necessary to reopen the object,\nso use cancel_work_sync() to cancel or wait for ondemand_object_worker()\nto finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41051",
"url": "https://www.suse.com/security/cve/CVE-2024-41051"
},
{
"category": "external",
"summary": "SUSE Bug 1228468 for CVE-2024-41051",
"url": "https://bugzilla.suse.com/1228468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41051"
},
{
"cve": "CVE-2024-41056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41056",
"url": "https://www.suse.com/security/cve/CVE-2024-41056"
},
{
"category": "external",
"summary": "SUSE Bug 1228480 for CVE-2024-41056",
"url": "https://bugzilla.suse.com/1228480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41056"
},
{
"cve": "CVE-2024-41057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600\nRead of size 8 at addr ffff888118efc000 by task kworker/u78:0/109\n\nCPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n cachefiles_withdraw_cookie+0x4d9/0x600\n fscache_cookie_state_machine+0x5c8/0x1230\n fscache_cookie_worker+0x91/0x1c0\n process_one_work+0x7fa/0x1800\n [...]\n\nAllocated by task 117:\n kmalloc_trace+0x1b3/0x3c0\n cachefiles_acquire_volume+0xf3/0x9c0\n fscache_create_volume_work+0x97/0x150\n process_one_work+0x7fa/0x1800\n [...]\n\nFreed by task 120301:\n kfree+0xf1/0x2c0\n cachefiles_withdraw_cache+0x3fa/0x920\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n do_exit+0x87a/0x29b0\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n p1 | p2\n------------------------------------------------------------\n fscache_begin_lookup\n fscache_begin_volume_access\n fscache_cache_is_live(fscache_cache)\ncachefiles_daemon_release\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n fscache_withdraw_cache\n fscache_set_cache_state(cache, FSCACHE_CACHE_IS_WITHDRAWN);\n cachefiles_withdraw_objects(cache)\n fscache_wait_for_objects(fscache)\n atomic_read(\u0026fscache_cache-\u003eobject_count) == 0\n fscache_perform_lookup\n cachefiles_lookup_cookie\n cachefiles_alloc_object\n refcount_set(\u0026object-\u003eref, 1);\n object-\u003evolume = volume\n fscache_count_object(vcookie-\u003ecache);\n atomic_inc(\u0026fscache_cache-\u003eobject_count)\n cachefiles_withdraw_volumes\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n __cachefiles_free_volume\n kfree(cachefiles_volume)\n fscache_cookie_state_machine\n cachefiles_withdraw_cookie\n cache = object-\u003evolume-\u003ecache;\n // cachefiles_volume UAF !!!\n\nAfter setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups\nto complete first, and then wait for fscache_cache-\u003eobject_count == 0 to\navoid the cookie exiting after the volume has been freed and triggering\nthe above issue. Therefore call fscache_withdraw_volume() before calling\ncachefiles_withdraw_objects().\n\nThis way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two\ncases will occur:\n1) fscache_begin_lookup fails in fscache_begin_volume_access().\n2) fscache_withdraw_volume() will ensure that fscache_count_object() has\n been executed before calling fscache_wait_for_objects().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41057",
"url": "https://www.suse.com/security/cve/CVE-2024-41057"
},
{
"category": "external",
"summary": "SUSE Bug 1228462 for CVE-2024-41057",
"url": "https://bugzilla.suse.com/1228462"
},
{
"category": "external",
"summary": "SUSE Bug 1229275 for CVE-2024-41057",
"url": "https://bugzilla.suse.com/1229275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41057"
},
{
"cve": "CVE-2024-41058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in fscache_withdraw_volume()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370\nRead of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798\n\nCPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565\nCall Trace:\n kasan_check_range+0xf6/0x1b0\n fscache_withdraw_volume+0x2e1/0x370\n cachefiles_withdraw_volume+0x31/0x50\n cachefiles_withdraw_cache+0x3ad/0x900\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n\nAllocated by task 5820:\n __kmalloc+0x1df/0x4b0\n fscache_alloc_volume+0x70/0x600\n __fscache_acquire_volume+0x1c/0x610\n erofs_fscache_register_volume+0x96/0x1a0\n erofs_fscache_register_fs+0x49a/0x690\n erofs_fc_fill_super+0x6c0/0xcc0\n vfs_get_super+0xa9/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n\nFreed by task 5820:\n kfree+0xf1/0x2c0\n fscache_put_volume.part.0+0x5cb/0x9e0\n erofs_fscache_unregister_fs+0x157/0x1b0\n erofs_kill_sb+0xd9/0x1c0\n deactivate_locked_super+0xa3/0x100\n vfs_get_super+0x105/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount failed | daemon exit\n------------------------------------------------------------\n deactivate_locked_super cachefiles_daemon_release\n erofs_kill_sb\n erofs_fscache_unregister_fs\n fscache_relinquish_volume\n __fscache_relinquish_volume\n fscache_put_volume(fscache_volume, fscache_volume_put_relinquish)\n zero = __refcount_dec_and_test(\u0026fscache_volume-\u003eref, \u0026ref);\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n cachefiles_withdraw_volumes\n list_del_init(\u0026volume-\u003ecache_link)\n fscache_free_volume(fscache_volume)\n cache-\u003eops-\u003efree_volume\n cachefiles_free_volume\n list_del_init(\u0026cachefiles_volume-\u003ecache_link);\n kfree(fscache_volume)\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n fscache_volume-\u003en_accesses\n // fscache_volume UAF !!!\n\nThe fscache_volume in cache-\u003evolumes must not have been freed yet, but its\nreference count may be 0. So use the new fscache_try_get_volume() helper\nfunction try to get its reference count.\n\nIf the reference count of fscache_volume is 0, fscache_put_volume() is\nfreeing it, so wait for it to be removed from cache-\u003evolumes.\n\nIf its reference count is not 0, call cachefiles_withdraw_volume() with\nreference count protection to avoid the above issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41058",
"url": "https://www.suse.com/security/cve/CVE-2024-41058"
},
{
"category": "external",
"summary": "SUSE Bug 1228459 for CVE-2024-41058",
"url": "https://bugzilla.suse.com/1228459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41058"
},
{
"cve": "CVE-2024-41059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41059",
"url": "https://www.suse.com/security/cve/CVE-2024-41059"
},
{
"category": "external",
"summary": "SUSE Bug 1228561 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "external",
"summary": "SUSE Bug 1228573 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41059"
},
{
"cve": "CVE-2024-41060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va-\u003ebo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va-\u003ebo, so\nwe have to check it before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41060",
"url": "https://www.suse.com/security/cve/CVE-2024-41060"
},
{
"category": "external",
"summary": "SUSE Bug 1228567 for CVE-2024-41060",
"url": "https://bugzilla.suse.com/1228567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41060"
},
{
"cve": "CVE-2024-41061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport\n\n[Why]\nPotential out of bounds access in dml2_calculate_rq_and_dlg_params()\nbecause the value of out_lowest_state_idx used as an index for FCLKChangeSupport\narray can be greater than 1.\n\n[How]\nCurrently dml2 core specifies identical values for all FCLKChangeSupport\nelements. Always use index 0 in the condition to avoid out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41061",
"url": "https://www.suse.com/security/cve/CVE-2024-41061"
},
{
"category": "external",
"summary": "SUSE Bug 1228572 for CVE-2024-41061",
"url": "https://bugzilla.suse.com/1228572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41061"
},
{
"cve": "CVE-2024-41062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41062",
"url": "https://www.suse.com/security/cve/CVE-2024-41062"
},
{
"category": "external",
"summary": "SUSE Bug 1228576 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "external",
"summary": "SUSE Bug 1228578 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41062"
},
{
"cve": "CVE-2024-41063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n destroy_workqueue(hdev-\u003eworkqueue);\n destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41063",
"url": "https://www.suse.com/security/cve/CVE-2024-41063"
},
{
"category": "external",
"summary": "SUSE Bug 1228580 for CVE-2024-41063",
"url": "https://bugzilla.suse.com/1228580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41063"
},
{
"cve": "CVE-2024-41064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev-\u003epdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev-\u003epdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev-\u003epdev-\u003ebus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41064",
"url": "https://www.suse.com/security/cve/CVE-2024-41064"
},
{
"category": "external",
"summary": "SUSE Bug 1228599 for CVE-2024-41064",
"url": "https://bugzilla.suse.com/1228599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41064"
},
{
"cve": "CVE-2024-41065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41065",
"url": "https://www.suse.com/security/cve/CVE-2024-41065"
},
{
"category": "external",
"summary": "SUSE Bug 1228636 for CVE-2024-41065",
"url": "https://bugzilla.suse.com/1228636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41065"
},
{
"cve": "CVE-2024-41066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41066",
"url": "https://www.suse.com/security/cve/CVE-2024-41066"
},
{
"category": "external",
"summary": "SUSE Bug 1228640 for CVE-2024-41066",
"url": "https://bugzilla.suse.com/1228640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41066"
},
{
"cve": "CVE-2024-41068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41068",
"url": "https://www.suse.com/security/cve/CVE-2024-41068"
},
{
"category": "external",
"summary": "SUSE Bug 1228579 for CVE-2024-41068",
"url": "https://bugzilla.suse.com/1228579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41068"
},
{
"cve": "CVE-2024-41069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41069",
"url": "https://www.suse.com/security/cve/CVE-2024-41069"
},
{
"category": "external",
"summary": "SUSE Bug 1228644 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "external",
"summary": "SUSE Bug 1228645 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41069"
},
{
"cve": "CVE-2024-41070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()\n\nAl reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().\n\nIt looks up `stt` from tablefd, but then continues to use it after doing\nfdput() on the returned fd. After the fdput() the tablefd is free to be\nclosed by another thread. The close calls kvm_spapr_tce_release() and\nthen release_spapr_tce_table() (via call_rcu()) which frees `stt`.\n\nAlthough there are calls to rcu_read_lock() in\nkvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent\nthe UAF, because `stt` is used outside the locked regions.\n\nWith an artifcial delay after the fdput() and a userspace program which\ntriggers the race, KASAN detects the UAF:\n\n BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505\n CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1\n Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV\n Call Trace:\n dump_stack_lvl+0xb4/0x108 (unreliable)\n print_report+0x2b4/0x6ec\n kasan_report+0x118/0x2b0\n __asan_load4+0xb8/0xd0\n kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n kvm_vfio_set_attr+0x524/0xac0 [kvm]\n kvm_device_ioctl+0x144/0x240 [kvm]\n sys_ioctl+0x62c/0x1810\n system_call_exception+0x190/0x440\n system_call_vectored_common+0x15c/0x2ec\n ...\n Freed by task 0:\n ...\n kfree+0xec/0x3e0\n release_spapr_tce_table+0xd4/0x11c [kvm]\n rcu_core+0x568/0x16a0\n handle_softirqs+0x23c/0x920\n do_softirq_own_stack+0x6c/0x90\n do_softirq_own_stack+0x58/0x90\n __irq_exit_rcu+0x218/0x2d0\n irq_exit+0x30/0x80\n arch_local_irq_restore+0x128/0x230\n arch_local_irq_enable+0x1c/0x30\n cpuidle_enter_state+0x134/0x5cc\n cpuidle_enter+0x6c/0xb0\n call_cpuidle+0x7c/0x100\n do_idle+0x394/0x410\n cpu_startup_entry+0x60/0x70\n start_secondary+0x3fc/0x410\n start_secondary_prolog+0x10/0x14\n\nFix it by delaying the fdput() until `stt` is no longer in use, which\nis effectively the entire function. To keep the patch minimal add a call\nto fdput() at each of the existing return paths. Future work can convert\nthe function to goto or __cleanup style cleanup.\n\nWith the fix in place the test case no longer triggers the UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41070",
"url": "https://www.suse.com/security/cve/CVE-2024-41070"
},
{
"category": "external",
"summary": "SUSE Bug 1228581 for CVE-2024-41070",
"url": "https://bugzilla.suse.com/1228581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41070"
},
{
"cve": "CVE-2024-41071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41071"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41071",
"url": "https://www.suse.com/security/cve/CVE-2024-41071"
},
{
"category": "external",
"summary": "SUSE Bug 1228625 for CVE-2024-41071",
"url": "https://bugzilla.suse.com/1228625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41071"
},
{
"cve": "CVE-2024-41072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of\nchannels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41072",
"url": "https://www.suse.com/security/cve/CVE-2024-41072"
},
{
"category": "external",
"summary": "SUSE Bug 1228626 for CVE-2024-41072",
"url": "https://bugzilla.suse.com/1228626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41072"
},
{
"cve": "CVE-2024-41073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41073",
"url": "https://www.suse.com/security/cve/CVE-2024-41073"
},
{
"category": "external",
"summary": "SUSE Bug 1228635 for CVE-2024-41073",
"url": "https://bugzilla.suse.com/1228635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41073"
},
{
"cve": "CVE-2024-41074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id \u003c 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id \u003c 0 in copen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41074",
"url": "https://www.suse.com/security/cve/CVE-2024-41074"
},
{
"category": "external",
"summary": "SUSE Bug 1228643 for CVE-2024-41074",
"url": "https://bugzilla.suse.com/1228643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41074"
},
{
"cve": "CVE-2024-41075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n * Generic, copen can only complete open requests, and cread can only\n complete read requests.\n * For copen, ondemand_id must not be 0, because this indicates that the\n request has not been read by the daemon.\n * For cread, the object corresponding to fd and req should be the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41075",
"url": "https://www.suse.com/security/cve/CVE-2024-41075"
},
{
"category": "external",
"summary": "SUSE Bug 1228646 for CVE-2024-41075",
"url": "https://bugzilla.suse.com/1228646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41075"
},
{
"cve": "CVE-2024-41076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix memory leak in nfs4_set_security_label\n\nWe leak nfs_fattr and nfs4_label every time we set a security xattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41076",
"url": "https://www.suse.com/security/cve/CVE-2024-41076"
},
{
"category": "external",
"summary": "SUSE Bug 1228649 for CVE-2024-41076",
"url": "https://bugzilla.suse.com/1228649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41076"
},
{
"cve": "CVE-2024-41078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41078",
"url": "https://www.suse.com/security/cve/CVE-2024-41078"
},
{
"category": "external",
"summary": "SUSE Bug 1228655 for CVE-2024-41078",
"url": "https://bugzilla.suse.com/1228655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41078"
},
{
"cve": "CVE-2024-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn\u0027t mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet\u0027s make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41079",
"url": "https://www.suse.com/security/cve/CVE-2024-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1228615 for CVE-2024-41079",
"url": "https://bugzilla.suse.com/1228615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41079"
},
{
"cve": "CVE-2024-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd-\u003elock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx-\u003euring_lock\nbefore acquiring sqd-\u003elock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41080",
"url": "https://www.suse.com/security/cve/CVE-2024-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1228616 for CVE-2024-41080",
"url": "https://bugzilla.suse.com/1228616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41080"
},
{
"cve": "CVE-2024-41081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41081",
"url": "https://www.suse.com/security/cve/CVE-2024-41081"
},
{
"category": "external",
"summary": "SUSE Bug 1228617 for CVE-2024-41081",
"url": "https://bugzilla.suse.com/1228617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41081"
},
{
"cve": "CVE-2024-41084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Avoid null pointer dereference in region lookup\n\ncxl_dpa_to_region() looks up a region based on a memdev and DPA.\nIt wrongly assumes an endpoint found mapping the DPA is also of\na fully assembled region. When not true it leads to a null pointer\ndereference looking up the region name.\n\nThis appears during testing of region lookup after a failure to\nassemble a BIOS defined region or if the lookup raced with the\nassembly of the BIOS defined region.\n\nFailure to clean up BIOS defined regions that fail assembly is an\nissue in itself and a fix to that problem will alleviate some of\nthe impact. It will not alleviate the race condition so let\u0027s harden\nthis path.\n\nThe behavior change is that the kernel oops due to a null pointer\ndereference is replaced with a dev_dbg() message noting that an\nendpoint was mapped.\n\nAdditional comments are added so that future users of this function\ncan more clearly understand what it provides.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41084",
"url": "https://www.suse.com/security/cve/CVE-2024-41084"
},
{
"category": "external",
"summary": "SUSE Bug 1228472 for CVE-2024-41084",
"url": "https://bugzilla.suse.com/1228472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41084"
},
{
"cve": "CVE-2024-41087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41087",
"url": "https://www.suse.com/security/cve/CVE-2024-41087"
},
{
"category": "external",
"summary": "SUSE Bug 1228466 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "external",
"summary": "SUSE Bug 1228740 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-41087"
},
{
"cve": "CVE-2024-41088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41088",
"url": "https://www.suse.com/security/cve/CVE-2024-41088"
},
{
"category": "external",
"summary": "SUSE Bug 1228469 for CVE-2024-41088",
"url": "https://bugzilla.suse.com/1228469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41088"
},
{
"cve": "CVE-2024-41089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41089",
"url": "https://www.suse.com/security/cve/CVE-2024-41089"
},
{
"category": "external",
"summary": "SUSE Bug 1228658 for CVE-2024-41089",
"url": "https://bugzilla.suse.com/1228658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41089"
},
{
"cve": "CVE-2024-41092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41092",
"url": "https://www.suse.com/security/cve/CVE-2024-41092"
},
{
"category": "external",
"summary": "SUSE Bug 1228483 for CVE-2024-41092",
"url": "https://bugzilla.suse.com/1228483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41092"
},
{
"cve": "CVE-2024-41093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41093",
"url": "https://www.suse.com/security/cve/CVE-2024-41093"
},
{
"category": "external",
"summary": "SUSE Bug 1228660 for CVE-2024-41093",
"url": "https://bugzilla.suse.com/1228660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41093"
},
{
"cve": "CVE-2024-41094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Only set smem_start is enable per module option\n\nOnly export struct fb_info.fix.smem_start if that is required by the\nuser and the memory does not come from vmalloc().\n\nSetting struct fb_info.fix.smem_start breaks systems where DMA\nmemory is backed by vmalloc address space. An example error is\nshown below.\n\n[ 3.536043] ------------[ cut here ]------------\n[ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000)\n[ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98\n[ 3.565455] Modules linked in:\n[ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty #250\n[ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 3.582452] Workqueue: events_unbound deferred_probe_work_func\n[ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3.595233] pc : __virt_to_phys+0x68/0x98\n[ 3.599246] lr : __virt_to_phys+0x68/0x98\n[ 3.603276] sp : ffff800083603990\n[ 3.677939] Call trace:\n[ 3.680393] __virt_to_phys+0x68/0x98\n[ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238\n[ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0\n[ 3.695385] drm_fb_helper_initial_config+0x4c/0x68\n[ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0\n[ 3.705161] drm_client_register+0x60/0xb0\n[ 3.709269] drm_fbdev_dma_setup+0x94/0x148\n\nAdditionally, DMA memory is assumed to by contiguous in physical\naddress space, which is not guaranteed by vmalloc().\n\nResolve this by checking the module flag drm_leak_fbdev_smem when\nDRM allocated the instance of struct fb_info. Fbdev-dma then only\nsets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also\nguarantee that the framebuffer is not located in vmalloc address\nspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41094",
"url": "https://www.suse.com/security/cve/CVE-2024-41094"
},
{
"category": "external",
"summary": "SUSE Bug 1228458 for CVE-2024-41094",
"url": "https://bugzilla.suse.com/1228458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41094"
},
{
"cve": "CVE-2024-41095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41095",
"url": "https://www.suse.com/security/cve/CVE-2024-41095"
},
{
"category": "external",
"summary": "SUSE Bug 1228662 for CVE-2024-41095",
"url": "https://bugzilla.suse.com/1228662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41095"
},
{
"cve": "CVE-2024-41096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Fix UAF in msi_capability_init\n\nKFENCE reports the following UAF:\n\n BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488\n\n Use-after-free read at 0x0000000024629571 (in kfence-#12):\n __pci_enable_msi_range+0x2c0/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128\n\n allocated by task 81 on cpu 7 at 10.808142s:\n __kmem_cache_alloc_node+0x1f0/0x2bc\n kmalloc_trace+0x44/0x138\n msi_alloc_desc+0x3c/0x9c\n msi_domain_insert_msi_desc+0x30/0x78\n msi_setup_msi_desc+0x13c/0x184\n __pci_enable_msi_range+0x258/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n freed by task 81 on cpu 7 at 10.811436s:\n msi_domain_free_descs+0xd4/0x10c\n msi_domain_free_locked.part.0+0xc0/0x1d8\n msi_domain_alloc_irqs_all_locked+0xb4/0xbc\n pci_msi_setup_msi_irqs+0x30/0x4c\n __pci_enable_msi_range+0x2a8/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\nDescriptor allocation done in:\n__pci_enable_msi_range\n msi_capability_init\n msi_setup_msi_desc\n msi_insert_msi_desc\n msi_domain_insert_msi_desc\n msi_alloc_desc\n ...\n\nFreed in case of failure in __msi_domain_alloc_locked()\n__pci_enable_msi_range\n msi_capability_init\n pci_msi_setup_msi_irqs\n msi_domain_alloc_irqs_all_locked\n msi_domain_alloc_locked\n __msi_domain_alloc_locked =\u003e fails\n msi_domain_free_locked\n ...\n\nThat failure propagates back to pci_msi_setup_msi_irqs() in\nmsi_capability_init() which accesses the descriptor for unmasking in the\nerror exit path.\n\nCure it by copying the descriptor and using the copy for the error exit path\nunmask operation.\n\n[ tglx: Massaged change log ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41096",
"url": "https://www.suse.com/security/cve/CVE-2024-41096"
},
{
"category": "external",
"summary": "SUSE Bug 1228479 for CVE-2024-41096",
"url": "https://bugzilla.suse.com/1228479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41096"
},
{
"cve": "CVE-2024-41097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41097",
"url": "https://www.suse.com/security/cve/CVE-2024-41097"
},
{
"category": "external",
"summary": "SUSE Bug 1228513 for CVE-2024-41097",
"url": "https://bugzilla.suse.com/1228513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41097"
},
{
"cve": "CVE-2024-41098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix null pointer dereference on error\n\nIf the ata_port_alloc() call in ata_host_alloc() fails,\nata_host_release() will get called.\n\nHowever, the code in ata_host_release() tries to free ata_port struct\nmembers unconditionally, which can lead to the following:\n\nBUG: unable to handle page fault for address: 0000000000003990\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]\nCode: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41\nRSP: 0018:ffffc90000ebb968 EFLAGS: 00010246\nRAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0\nRBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68\nR10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004\nR13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006\nFS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? ata_host_release.cold+0x2f/0x6e [libata]\n ? ata_host_release.cold+0x2f/0x6e [libata]\n release_nodes+0x35/0xb0\n devres_release_group+0x113/0x140\n ata_host_alloc+0xed/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nDo not access ata_port struct members unconditionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41098",
"url": "https://www.suse.com/security/cve/CVE-2024-41098"
},
{
"category": "external",
"summary": "SUSE Bug 1228467 for CVE-2024-41098",
"url": "https://bugzilla.suse.com/1228467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-41098"
},
{
"cve": "CVE-2024-42064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip pipe if the pipe idx not set properly\n\n[why]\nDriver crashes when pipe idx not set properly\n\n[how]\nAdd code to skip the pipe that idx not set properly",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42064",
"url": "https://www.suse.com/security/cve/CVE-2024-42064"
},
{
"category": "external",
"summary": "SUSE Bug 1228586 for CVE-2024-42064",
"url": "https://bugzilla.suse.com/1228586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42064"
},
{
"cve": "CVE-2024-42069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function adev_release\ncalls kfree(madev). We shouldn\u0027t call kfree(madev) again\nin the error handling path. Set \u0027madev\u0027 to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42069",
"url": "https://www.suse.com/security/cve/CVE-2024-42069"
},
{
"category": "external",
"summary": "SUSE Bug 1228463 for CVE-2024-42069",
"url": "https://bugzilla.suse.com/1228463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42069"
},
{
"cve": "CVE-2024-42070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42070",
"url": "https://www.suse.com/security/cve/CVE-2024-42070"
},
{
"category": "external",
"summary": "SUSE Bug 1228470 for CVE-2024-42070",
"url": "https://bugzilla.suse.com/1228470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems\n\nThe following two shared buffer operations make use of the Shared Buffer\nStatus Register (SBSR):\n\n # devlink sb occupancy snapshot pci/0000:01:00.0\n # devlink sb occupancy clearmax pci/0000:01:00.0\n\nThe register has two masks of 256 bits to denote on which ingress /\negress ports the register should operate on. Spectrum-4 has more than\n256 ports, so the register was extended by cited commit with a new\n\u0027port_page\u0027 field.\n\nHowever, when filling the register\u0027s payload, the driver specifies the\nports as absolute numbers and not relative to the first port of the port\npage, resulting in memory corruptions [1].\n\nFix by specifying the ports relative to the first port of the port page.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\nRead of size 1 at addr ffff8881068cb00f by task devlink/1566\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\n mlxsw_devlink_sb_occ_snapshot+0x75/0xb0\n devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0\n genl_family_rcv_msg_doit+0x20c/0x300\n genl_rcv_msg+0x567/0x800\n netlink_rcv_skb+0x170/0x450\n genl_rcv+0x2d/0x40\n netlink_unicast+0x547/0x830\n netlink_sendmsg+0x8d4/0xdb0\n __sys_sendto+0x49b/0x510\n __x64_sys_sendto+0xe5/0x1c0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[...]\nAllocated by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n copy_verifier_state+0xbc2/0xfb0\n do_check_common+0x2c51/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x109/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xca/0x2b0\n free_verifier_state+0xce/0x270\n do_check_common+0x4828/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42073",
"url": "https://www.suse.com/security/cve/CVE-2024-42073"
},
{
"category": "external",
"summary": "SUSE Bug 1228457 for CVE-2024-42073",
"url": "https://bugzilla.suse.com/1228457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42073"
},
{
"cve": "CVE-2024-42074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip-\u003echip_pdev value will\nremain NULL. Add NULL check for chip-\u003echip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42074",
"url": "https://www.suse.com/security/cve/CVE-2024-42074"
},
{
"category": "external",
"summary": "SUSE Bug 1228481 for CVE-2024-42074",
"url": "https://bugzilla.suse.com/1228481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42074"
},
{
"cve": "CVE-2024-42076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn\u0027t initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42076",
"url": "https://www.suse.com/security/cve/CVE-2024-42076"
},
{
"category": "external",
"summary": "SUSE Bug 1228484 for CVE-2024-42076",
"url": "https://bugzilla.suse.com/1228484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42076"
},
{
"cve": "CVE-2024-42077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42077",
"url": "https://www.suse.com/security/cve/CVE-2024-42077"
},
{
"category": "external",
"summary": "SUSE Bug 1228516 for CVE-2024-42077",
"url": "https://bugzilla.suse.com/1228516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-42079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix NULL pointer dereference in gfs2_log_flush\n\nIn gfs2_jindex_free(), set sdp-\u003esd_jdesc to NULL under the log flush\nlock to provide exclusion against gfs2_log_flush().\n\nIn gfs2_log_flush(), check if sdp-\u003esd_jdesc is non-NULL before\ndereferencing it. Otherwise, we could run into a NULL pointer\ndereference when outstanding glock work races with an unmount\n(glock_work_func -\u003e run_queue -\u003e do_xmote -\u003e inode_go_sync -\u003e\ngfs2_log_flush).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42079",
"url": "https://www.suse.com/security/cve/CVE-2024-42079"
},
{
"category": "external",
"summary": "SUSE Bug 1228672 for CVE-2024-42079",
"url": "https://bugzilla.suse.com/1228672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42079"
},
{
"cve": "CVE-2024-42080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry\u0027s kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42080",
"url": "https://www.suse.com/security/cve/CVE-2024-42080"
},
{
"category": "external",
"summary": "SUSE Bug 1228673 for CVE-2024-42080",
"url": "https://bugzilla.suse.com/1228673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42080"
},
{
"cve": "CVE-2024-42082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n 1. memory allocation fails;\n 2. rhashtable_init() fails when some fields of rhashtable_params\n struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42082",
"url": "https://www.suse.com/security/cve/CVE-2024-42082"
},
{
"category": "external",
"summary": "SUSE Bug 1228482 for CVE-2024-42082",
"url": "https://bugzilla.suse.com/1228482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock\n\nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system\nto enter suspend status with below command:\necho mem \u003e /sys/power/state\nThere will be a deadlock issue occurring. Detailed invoking path as\nbelow:\ndwc3_suspend_common()\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 1st\n dwc3_gadget_suspend(dwc);\n dwc3_gadget_soft_disconnect(dwc);\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 2nd\nThis issue is exposed by commit c7ebd8149ee5 (\"usb: dwc3: gadget: Fix\nNULL pointer dereference in dwc3_gadget_suspend\") that removes the code\nof checking whether dwc-\u003egadget_driver is NULL or not. It causes the\nfollowing code is executed and deadlock occurs when trying to get the\nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:\nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove\nthe lock of otg mode. So, remove the redundant lock of otg mode during\ngadget suspend/resume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42085",
"url": "https://www.suse.com/security/cve/CVE-2024-42085"
},
{
"category": "external",
"summary": "SUSE Bug 1228456 for CVE-2024-42085",
"url": "https://bugzilla.suse.com/1228456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42085"
},
{
"cve": "CVE-2024-42086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42086",
"url": "https://www.suse.com/security/cve/CVE-2024-42086"
},
{
"category": "external",
"summary": "SUSE Bug 1228452 for CVE-2024-42086",
"url": "https://bugzilla.suse.com/1228452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42086"
},
{
"cve": "CVE-2024-42087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep\n\nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping\ngpiod_set_value() function. This complains loudly when the GPIO\ncontroller needs to sleep. As the caller can sleep, use\ngpiod_set_value_cansleep() to fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42087",
"url": "https://www.suse.com/security/cve/CVE-2024-42087"
},
{
"category": "external",
"summary": "SUSE Bug 1228677 for CVE-2024-42087",
"url": "https://bugzilla.suse.com/1228677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42087"
},
{
"cve": "CVE-2024-42089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42089",
"url": "https://www.suse.com/security/cve/CVE-2024-42089"
},
{
"category": "external",
"summary": "SUSE Bug 1228450 for CVE-2024-42089",
"url": "https://bugzilla.suse.com/1228450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42089"
},
{
"cve": "CVE-2024-42090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\n\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\n\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42090",
"url": "https://www.suse.com/security/cve/CVE-2024-42090"
},
{
"category": "external",
"summary": "SUSE Bug 1228449 for CVE-2024-42090",
"url": "https://bugzilla.suse.com/1228449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42090"
},
{
"cve": "CVE-2024-42092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata-\u003egpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips-\u003eirqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won\u0027t exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42092",
"url": "https://www.suse.com/security/cve/CVE-2024-42092"
},
{
"category": "external",
"summary": "SUSE Bug 1228447 for CVE-2024-42092",
"url": "https://bugzilla.suse.com/1228447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42092"
},
{
"cve": "CVE-2024-42093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42093",
"url": "https://www.suse.com/security/cve/CVE-2024-42093"
},
{
"category": "external",
"summary": "SUSE Bug 1228680 for CVE-2024-42093",
"url": "https://bugzilla.suse.com/1228680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42095",
"url": "https://www.suse.com/security/cve/CVE-2024-42095"
},
{
"category": "external",
"summary": "SUSE Bug 1228446 for CVE-2024-42095",
"url": "https://bugzilla.suse.com/1228446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42095"
},
{
"cve": "CVE-2024-42096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: stop playing stack games in profile_pc()\n\nThe \u0027profile_pc()\u0027 function is used for timer-based profiling, which\nisn\u0027t really all that relevant any more to begin with, but it also ends\nup making assumptions based on the stack layout that aren\u0027t necessarily\nvalid.\n\nBasically, the code tries to account the time spent in spinlocks to the\ncaller rather than the spinlock, and while I support that as a concept,\nit\u0027s not worth the code complexity or the KASAN warnings when no serious\nprofiling is done using timers anyway these days.\n\nAnd the code really does depend on stack layout that is only true in the\nsimplest of cases. We\u0027ve lost the comment at some point (I think when\nthe 32-bit and 64-bit code was unified), but it used to say:\n\n\tAssume the lock function has either no stack frame or a copy\n\tof eflags from PUSHF.\n\nwhich explains why it just blindly loads a word or two straight off the\nstack pointer and then takes a minimal look at the values to just check\nif they might be eflags or the return pc:\n\n\tEflags always has bits 22 and up cleared unlike kernel addresses\n\nbut that basic stack layout assumption assumes that there isn\u0027t any lock\ndebugging etc going on that would complicate the code and cause a stack\nframe.\n\nIt causes KASAN unhappiness reported for years by syzkaller [1] and\nothers [2].\n\nWith no real practical reason for this any more, just remove the code.\n\nJust for historical interest, here\u0027s some background commits relating to\nthis code from 2006:\n\n 0cb91a229364 (\"i386: Account spinlocks to the caller during profiling for !FP kernels\")\n 31679f38d886 (\"Simplify profile_pc on x86-64\")\n\nand a code unification from 2009:\n\n ef4512882dbe (\"x86: time_32/64.c unify profile_pc\")\n\nbut the basics of this thing actually goes back to before the git tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42096",
"url": "https://www.suse.com/security/cve/CVE-2024-42096"
},
{
"category": "external",
"summary": "SUSE Bug 1228633 for CVE-2024-42096",
"url": "https://bugzilla.suse.com/1228633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42097",
"url": "https://www.suse.com/security/cve/CVE-2024-42097"
},
{
"category": "external",
"summary": "SUSE Bug 1228766 for CVE-2024-42097",
"url": "https://bugzilla.suse.com/1228766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42097"
},
{
"cve": "CVE-2024-42098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42098",
"url": "https://www.suse.com/security/cve/CVE-2024-42098"
},
{
"category": "external",
"summary": "SUSE Bug 1228779 for CVE-2024-42098",
"url": "https://bugzilla.suse.com/1228779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42098"
},
{
"cve": "CVE-2024-42101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42101",
"url": "https://www.suse.com/security/cve/CVE-2024-42101"
},
{
"category": "external",
"summary": "SUSE Bug 1228495 for CVE-2024-42101",
"url": "https://bugzilla.suse.com/1228495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42101"
},
{
"cve": "CVE-2024-42104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: add missing check for inode numbers on directory entries\n\nSyzbot reported that mounting and unmounting a specific pattern of\ncorrupted nilfs2 filesystem images causes a use-after-free of metadata\nfile inodes, which triggers a kernel bug in lru_add_fn().\n\nAs Jan Kara pointed out, this is because the link count of a metadata file\ngets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),\ntries to delete that inode (ifile inode in this case).\n\nThe inconsistency occurs because directories containing the inode numbers\nof these metadata files that should not be visible in the namespace are\nread without checking.\n\nFix this issue by treating the inode numbers of these internal files as\nerrors in the sanity check helper when reading directory folios/pages.\n\nAlso thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer\nanalysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42104",
"url": "https://www.suse.com/security/cve/CVE-2024-42104"
},
{
"category": "external",
"summary": "SUSE Bug 1228654 for CVE-2024-42104",
"url": "https://bugzilla.suse.com/1228654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42104"
},
{
"cve": "CVE-2024-42105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix inode number range checks\n\nPatch series \"nilfs2: fix potential issues related to reserved inodes\".\n\nThis series fixes one use-after-free issue reported by syzbot, caused by\nnilfs2\u0027s internal inode being exposed in the namespace on a corrupted\nfilesystem, and a couple of flaws that cause problems if the starting\nnumber of non-reserved inodes written in the on-disk super block is\nintentionally (or corruptly) changed from its default value. \n\n\nThis patch (of 3):\n\nIn the current implementation of nilfs2, \"nilfs-\u003ens_first_ino\", which\ngives the first non-reserved inode number, is read from the superblock,\nbut its lower limit is not checked.\n\nAs a result, if a number that overlaps with the inode number range of\nreserved inodes such as the root directory or metadata files is set in the\nsuper block parameter, the inode number test macros (NILFS_MDT_INODE and\nNILFS_VALID_INODE) will not function properly.\n\nIn addition, these test macros use left bit-shift calculations using with\nthe inode number as the shift count via the BIT macro, but the result of a\nshift calculation that exceeds the bit width of an integer is undefined in\nthe C specification, so if \"ns_first_ino\" is set to a large value other\nthan the default value NILFS_USER_INO (=11), the macros may potentially\nmalfunction depending on the environment.\n\nFix these issues by checking the lower bound of \"nilfs-\u003ens_first_ino\" and\nby preventing bit shifts equal to or greater than the NILFS_USER_INO\nconstant in the inode number test macros.\n\nAlso, change the type of \"ns_first_ino\" from signed integer to unsigned\ninteger to avoid the need for type casting in comparisons such as the\nlower bound check introduced this time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42105",
"url": "https://www.suse.com/security/cve/CVE-2024-42105"
},
{
"category": "external",
"summary": "SUSE Bug 1228665 for CVE-2024-42105",
"url": "https://bugzilla.suse.com/1228665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42105"
},
{
"cve": "CVE-2024-42106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42106",
"url": "https://www.suse.com/security/cve/CVE-2024-42106"
},
{
"category": "external",
"summary": "SUSE Bug 1228493 for CVE-2024-42106",
"url": "https://bugzilla.suse.com/1228493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42106"
},
{
"cve": "CVE-2024-42107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42107",
"url": "https://www.suse.com/security/cve/CVE-2024-42107"
},
{
"category": "external",
"summary": "SUSE Bug 1228494 for CVE-2024-42107",
"url": "https://bugzilla.suse.com/1228494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42107"
},
{
"cve": "CVE-2024-42109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally flush pending work before notifier\n\nsyzbot reports:\n\nKASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831\nKASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530\nKASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\nRead of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45\n[..]\nWorkqueue: events nf_tables_trans_destroy_work\nCall Trace:\n nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline]\n nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline]\n nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\n\nProblem is that the notifier does a conditional flush, but its possible\nthat the table-to-be-removed is still referenced by transactions being\nprocessed by the worker, so we need to flush unconditionally.\n\nWe could make the flush_work depend on whether we found a table to delete\nin nf-next to avoid the flush for most cases.\n\nAFAICS this problem is only exposed in nf-next, with\ncommit e169285f8c56 (\"netfilter: nf_tables: do not store nft_ctx in transaction objects\"),\nwith this commit applied there is an unconditional fetch of\ntable-\u003efamily which is whats triggering the above splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42109",
"url": "https://www.suse.com/security/cve/CVE-2024-42109"
},
{
"category": "external",
"summary": "SUSE Bug 1228505 for CVE-2024-42109",
"url": "https://bugzilla.suse.com/1228505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42109"
},
{
"cve": "CVE-2024-42110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514] \u003cTASK\u003e\n[74412.586933] dump_stack_lvl+0x55/0x70\n[74412.591129] check_preemption_disabled+0xc8/0xf0\n[74412.596374] netif_rx_internal+0x42/0x130\n[74412.600957] __netif_rx+0x20/0xd0\n[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046] irq_thread_fn+0x21/0x60\n[74412.638134] ? irq_thread+0xa8/0x290\n[74412.642218] irq_thread+0x1a0/0x290\n[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117] ? __pfx_irq_thread+0x10/0x10\n[74412.660686] kthread+0x100/0x130\n[74412.664384] ? __pfx_kthread+0x10/0x10\n[74412.668639] ret_from_fork+0x31/0x50\n[74412.672716] ? __pfx_kthread+0x10/0x10\n[74412.676978] ret_from_fork_asm+0x1a/0x30\n[74412.681457] \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should\u0027ve been a noop instead. However, the code precedes this\nfix should\u0027ve been using netif_rx_ni() or netif_rx_any_context().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42110",
"url": "https://www.suse.com/security/cve/CVE-2024-42110"
},
{
"category": "external",
"summary": "SUSE Bug 1228501 for CVE-2024-42110",
"url": "https://bugzilla.suse.com/1228501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42110"
},
{
"cve": "CVE-2024-42113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\n\nWhen using MSI/INTx interrupts, wx-\u003enum_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42113",
"url": "https://www.suse.com/security/cve/CVE-2024-42113"
},
{
"category": "external",
"summary": "SUSE Bug 1228568 for CVE-2024-42113",
"url": "https://bugzilla.suse.com/1228568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42113"
},
{
"cve": "CVE-2024-42114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [\u003cffff80008904166c\u003e] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42114",
"url": "https://www.suse.com/security/cve/CVE-2024-42114"
},
{
"category": "external",
"summary": "SUSE Bug 1228564 for CVE-2024-42114",
"url": "https://bugzilla.suse.com/1228564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42114"
},
{
"cve": "CVE-2024-42115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829] ESR = 0x96000004\n[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564] SET = 0, FnV = 0\n[ 2430.650795] EA = 0, S1PTW = 0\n[ 2430.651032] FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683] ISV = 0, ISS = 0x00000004\n[ 2430.652001] CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528] kfree+0x78/0x348\n[ 2430.664855] jffs2_free_inode+0x24/0x48\n[ 2430.665233] i_callback+0x24/0x50\n[ 2430.665528] rcu_do_batch+0x1ac/0x448\n[ 2430.665892] rcu_core+0x28c/0x3c8\n[ 2430.666151] rcu_core_si+0x18/0x28\n[ 2430.666473] __do_softirq+0x138/0x3cc\n[ 2430.666781] irq_exit+0xf0/0x110\n[ 2430.667065] handle_domain_irq+0x6c/0x98\n[ 2430.667447] gic_handle_irq+0xac/0xe8\n[ 2430.667739] call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42115",
"url": "https://www.suse.com/security/cve/CVE-2024-42115"
},
{
"category": "external",
"summary": "SUSE Bug 1228656 for CVE-2024-42115",
"url": "https://bugzilla.suse.com/1228656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42115"
},
{
"cve": "CVE-2024-42117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers\u0027 array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42117",
"url": "https://www.suse.com/security/cve/CVE-2024-42117"
},
{
"category": "external",
"summary": "SUSE Bug 1228582 for CVE-2024-42117",
"url": "https://bugzilla.suse.com/1228582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-42117"
},
{
"cve": "CVE-2024-42119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42119",
"url": "https://www.suse.com/security/cve/CVE-2024-42119"
},
{
"category": "external",
"summary": "SUSE Bug 1228584 for CVE-2024-42119",
"url": "https://bugzilla.suse.com/1228584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42119"
},
{
"cve": "CVE-2024-42120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42120",
"url": "https://www.suse.com/security/cve/CVE-2024-42120"
},
{
"category": "external",
"summary": "SUSE Bug 1228588 for CVE-2024-42120",
"url": "https://bugzilla.suse.com/1228588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42120"
},
{
"cve": "CVE-2024-42121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42121",
"url": "https://www.suse.com/security/cve/CVE-2024-42121"
},
{
"category": "external",
"summary": "SUSE Bug 1228590 for CVE-2024-42121",
"url": "https://bugzilla.suse.com/1228590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42121"
},
{
"cve": "CVE-2024-42122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why \u0026 How]\nCheck return pointer of kzalloc before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42122",
"url": "https://www.suse.com/security/cve/CVE-2024-42122"
},
{
"category": "external",
"summary": "SUSE Bug 1228591 for CVE-2024-42122",
"url": "https://bugzilla.suse.com/1228591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42122"
},
{
"cve": "CVE-2024-42124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Make qedf_execute_tmf() non-preemptible\n\nStop calling smp_processor_id() from preemptible code in\nqedf_execute_tmf90. This results in BUG_ON() when running an RT kernel.\n\n[ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646\n[ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42124",
"url": "https://www.suse.com/security/cve/CVE-2024-42124"
},
{
"category": "external",
"summary": "SUSE Bug 1228705 for CVE-2024-42124",
"url": "https://bugzilla.suse.com/1228705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42124"
},
{
"cve": "CVE-2024-42125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42125",
"url": "https://www.suse.com/security/cve/CVE-2024-42125"
},
{
"category": "external",
"summary": "SUSE Bug 1228674 for CVE-2024-42125",
"url": "https://bugzilla.suse.com/1228674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42125"
},
{
"cve": "CVE-2024-42126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don\u0027t see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42126",
"url": "https://www.suse.com/security/cve/CVE-2024-42126"
},
{
"category": "external",
"summary": "SUSE Bug 1228718 for CVE-2024-42126",
"url": "https://bugzilla.suse.com/1228718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42126"
},
{
"cve": "CVE-2024-42127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix shared irq handling on driver remove\n\nlima uses a shared interrupt, so the interrupt handlers must be prepared\nto be called at any time. At driver removal time, the clocks are\ndisabled early and the interrupts stay registered until the very end of\nthe remove process due to the devm usage.\nThis is potentially a bug as the interrupts access device registers\nwhich assumes clocks are enabled. A crash can be triggered by removing\nthe driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.\nThis patch frees the interrupts at each lima device finishing callback\nso that the handlers are already unregistered by the time we fully\ndisable clocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42127",
"url": "https://www.suse.com/security/cve/CVE-2024-42127"
},
{
"category": "external",
"summary": "SUSE Bug 1228721 for CVE-2024-42127",
"url": "https://bugzilla.suse.com/1228721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42127"
},
{
"cve": "CVE-2024-42130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, \u0026(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42130",
"url": "https://www.suse.com/security/cve/CVE-2024-42130"
},
{
"category": "external",
"summary": "SUSE Bug 1228687 for CVE-2024-42130",
"url": "https://bugzilla.suse.com/1228687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42130"
},
{
"cve": "CVE-2024-42131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid overflows in dirty throttling logic\n\nThe dirty throttling logic is interspersed with assumptions that dirty\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\nfit into 64-bits). If limits end up being larger, we will hit overflows,\npossible divisions by 0 etc. Fix these problems by never allowing so\nlarge dirty limits as they have dubious practical value anyway. For\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\nso large limits. For dirty_ratio / dirty_background_ratio it isn\u0027t so\nsimple as the dirty limit is computed from the amount of available memory\nwhich can change due to memory hotplug etc. So when converting dirty\nlimits from ratios to numbers of pages, we just don\u0027t allow the result to\nexceed UINT_MAX.\n\nThis is root-only triggerable problem which occurs when the operator\nsets dirty limits to \u003e16 TB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42131",
"url": "https://www.suse.com/security/cve/CVE-2024-42131"
},
{
"category": "external",
"summary": "SUSE Bug 1228650 for CVE-2024-42131",
"url": "https://bugzilla.suse.com/1228650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42131"
},
{
"cve": "CVE-2024-42132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX\n\nSyzbot hit warning in hci_conn_del() caused by freeing handle that was\nnot allocated using ida allocator.\n\nThis is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by\nhci_le_big_sync_established_evt(), which makes code think it\u0027s unset\nconnection.\n\nAdd same check for handle upper bound as in hci_conn_set_handle() to\nprevent warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42132",
"url": "https://www.suse.com/security/cve/CVE-2024-42132"
},
{
"category": "external",
"summary": "SUSE Bug 1228492 for CVE-2024-42132",
"url": "https://bugzilla.suse.com/1228492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42132"
},
{
"cve": "CVE-2024-42133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42133",
"url": "https://www.suse.com/security/cve/CVE-2024-42133"
},
{
"category": "external",
"summary": "SUSE Bug 1228511 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1228511"
},
{
"category": "external",
"summary": "SUSE Bug 1231419 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1231419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-42133"
},
{
"cve": "CVE-2024-42136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdrom: rearrange last_media_change check to avoid unintentional overflow\n\nWhen running syzkaller with the newly reintroduced signed integer wrap\nsanitizer we encounter this splat:\n\n[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33\n[ 366.021089] -9223372036854775808 - 346321 cannot be represented in type \u0027__s64\u0027 (aka \u0027long long\u0027)\n[ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO\n[ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 366.027518] Call Trace:\n[ 366.027523] \u003cTASK\u003e\n[ 366.027533] dump_stack_lvl+0x93/0xd0\n[ 366.027899] handle_overflow+0x171/0x1b0\n[ 366.038787] ata1.00: invalid multi_count 32 ignored\n[ 366.043924] cdrom_ioctl+0x2c3f/0x2d10\n[ 366.063932] ? __pm_runtime_resume+0xe6/0x130\n[ 366.071923] sr_block_ioctl+0x15d/0x1d0\n[ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10\n[ 366.077642] blkdev_ioctl+0x419/0x500\n[ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10\n...\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang. It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rearrange the check to not perform any arithmetic, thus not\ntripping the sanitizer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42136",
"url": "https://www.suse.com/security/cve/CVE-2024-42136"
},
{
"category": "external",
"summary": "SUSE Bug 1228758 for CVE-2024-42136",
"url": "https://bugzilla.suse.com/1228758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "low"
}
],
"title": "CVE-2024-42136"
},
{
"cve": "CVE-2024-42137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42137",
"url": "https://www.suse.com/security/cve/CVE-2024-42137"
},
{
"category": "external",
"summary": "SUSE Bug 1228563 for CVE-2024-42137",
"url": "https://bugzilla.suse.com/1228563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42137"
},
{
"cve": "CVE-2024-42138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file\n\nIn case of invalid INI file mlxsw_linecard_types_init() deallocates memory\nbut doesn\u0027t reset pointer to NULL and returns 0. In case of any error\noccurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init()\ncalls mlxsw_linecard_types_fini() which performs memory deallocation again.\n\nAdd pointer reset to NULL.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42138",
"url": "https://www.suse.com/security/cve/CVE-2024-42138"
},
{
"category": "external",
"summary": "SUSE Bug 1228500 for CVE-2024-42138",
"url": "https://bugzilla.suse.com/1228500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42138"
},
{
"cve": "CVE-2024-42139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42139",
"url": "https://www.suse.com/security/cve/CVE-2024-42139"
},
{
"category": "external",
"summary": "SUSE Bug 1228503 for CVE-2024-42139",
"url": "https://bugzilla.suse.com/1228503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42139"
},
{
"cve": "CVE-2024-42141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed \u0027pi-\u003econn-\u003ehcon\u0027 could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348 size_t len, int flags)\n1349 {\n1350 struct sock *sk = sock-\u003esk;\n1351 struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353 BT_DBG(\"sk %p\", sk);\n1354\n1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n \u0026bt_sk(sk)-\u003eflags)) {\n1356 lock_sock(sk);\n1357 switch (sk-\u003esk_state) {\n1358 case BT_CONNECT2:\n1359 if (pi-\u003econn-\u003ehcon \u0026\u0026\n ^^^^^^^^^^^^^^ If -\u003ehcon is NULL\n\n1360 test_bit(HCI_CONN_PA_SYNC,\n \u0026pi-\u003econn-\u003ehcon-\u003eflags)) {\n1361 iso_conn_big_sync(sk);\n1362 sk-\u003esk_state = BT_LISTEN;\n1363 } else {\n--\u003e 1364 iso_conn_defer_accept(pi-\u003econn-\u003ehcon);\n ^^^^^^^^^^^^^^\n then we\u0027re toast\n\n1365 sk-\u003esk_state = BT_CONFIG;\n1366 }\n1367 release_sock(sk);\n1368 return 0;\n1369 case BT_CONNECTED:\n1370 if (test_bit(BT_SK_PA_SYNC,",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42141",
"url": "https://www.suse.com/security/cve/CVE-2024-42141"
},
{
"category": "external",
"summary": "SUSE Bug 1228502 for CVE-2024-42141",
"url": "https://bugzilla.suse.com/1228502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42141"
},
{
"cve": "CVE-2024-42142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42142",
"url": "https://www.suse.com/security/cve/CVE-2024-42142"
},
{
"category": "external",
"summary": "SUSE Bug 1228491 for CVE-2024-42142",
"url": "https://bugzilla.suse.com/1228491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42142"
},
{
"cve": "CVE-2024-42143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42143"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42143",
"url": "https://www.suse.com/security/cve/CVE-2024-42143"
},
{
"category": "external",
"summary": "SUSE Bug 1228748 for CVE-2024-42143",
"url": "https://bugzilla.suse.com/1228748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42143"
},
{
"cve": "CVE-2024-42144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42144"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42144",
"url": "https://www.suse.com/security/cve/CVE-2024-42144"
},
{
"category": "external",
"summary": "SUSE Bug 1228666 for CVE-2024-42144",
"url": "https://bugzilla.suse.com/1228666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42144"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-42147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42147",
"url": "https://www.suse.com/security/cve/CVE-2024-42147"
},
{
"category": "external",
"summary": "SUSE Bug 1228764 for CVE-2024-42147",
"url": "https://bugzilla.suse.com/1228764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42147"
},
{
"cve": "CVE-2024-42148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n * control by the number of fast-path status blocks supported by the\n * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n * status block represents an independent interrupts context that can\n * serve a regular L2 networking queue. However special L2 queues such\n * as the FCoE queue do not require a FP-SB and other components like\n * the CNIC may consume FP-SB reducing the number of possible L2 queues\n *\n * If the maximum number of FP-SB available is X then:\n * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n * regular L2 queues is Y=X-1\n * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n * c. If the FCoE L2 queue is supported the actual number of L2 queues\n * is Y+1\n * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n * slow-path interrupts) or Y+2 if CNIC is supported (one additional\n * FP interrupt context for the CNIC).\n * e. The number of HW context (CID count) is always X or X+1 if FCoE\n * L2 queue is supported. The cid for the FCoE L2 queue is always X.\n */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42148",
"url": "https://www.suse.com/security/cve/CVE-2024-42148"
},
{
"category": "external",
"summary": "SUSE Bug 1228487 for CVE-2024-42148",
"url": "https://bugzilla.suse.com/1228487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42148"
},
{
"cve": "CVE-2024-42152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq-\u003ectrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl-\u003esqs and sq-\u003ectrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq-\u003eref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq-\u003ectrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq-\u003ectrl after all inflight request has\ncompleted, where for sure sq-\u003ectrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42152",
"url": "https://www.suse.com/security/cve/CVE-2024-42152"
},
{
"category": "external",
"summary": "SUSE Bug 1228724 for CVE-2024-42152",
"url": "https://bugzilla.suse.com/1228724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42152"
},
{
"cve": "CVE-2024-42153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr\n\nWhen del_timer_sync() is called in an interrupt context it throws a warning\nbecause of potential deadlock. The timer is used only to exit from\nwait_for_completion() after a timeout so replacing the call with\nwait_for_completion_timeout() allows to remove the problematic timer and\nits related functions altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42153",
"url": "https://www.suse.com/security/cve/CVE-2024-42153"
},
{
"category": "external",
"summary": "SUSE Bug 1228510 for CVE-2024-42153",
"url": "https://bugzilla.suse.com/1228510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42153"
},
{
"cve": "CVE-2024-42155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42155",
"url": "https://www.suse.com/security/cve/CVE-2024-42155"
},
{
"category": "external",
"summary": "SUSE Bug 1228733 for CVE-2024-42155",
"url": "https://bugzilla.suse.com/1228733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42155"
},
{
"cve": "CVE-2024-42156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42156",
"url": "https://www.suse.com/security/cve/CVE-2024-42156"
},
{
"category": "external",
"summary": "SUSE Bug 1228722 for CVE-2024-42156",
"url": "https://bugzilla.suse.com/1228722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42156"
},
{
"cve": "CVE-2024-42157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42157",
"url": "https://www.suse.com/security/cve/CVE-2024-42157"
},
{
"category": "external",
"summary": "SUSE Bug 1228727 for CVE-2024-42157",
"url": "https://bugzilla.suse.com/1228727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42157"
},
{
"cve": "CVE-2024-42158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42158",
"url": "https://www.suse.com/security/cve/CVE-2024-42158"
},
{
"category": "external",
"summary": "SUSE Bug 1228720 for CVE-2024-42158",
"url": "https://bugzilla.suse.com/1228720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42158"
},
{
"cve": "CVE-2024-42159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port-\u003ephy_mask, values larger then size of\nthis field shouldn\u0027t be allowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42159",
"url": "https://www.suse.com/security/cve/CVE-2024-42159"
},
{
"category": "external",
"summary": "SUSE Bug 1228754 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228754"
},
{
"category": "external",
"summary": "SUSE Bug 1228755 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-42159"
},
{
"cve": "CVE-2024-42161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val\u0027.]\n\nGCC warns that `val\u0027 may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val\u0027 to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42161",
"url": "https://www.suse.com/security/cve/CVE-2024-42161"
},
{
"category": "external",
"summary": "SUSE Bug 1228756 for CVE-2024-42161",
"url": "https://bugzilla.suse.com/1228756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42161"
},
{
"cve": "CVE-2024-42162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv-\u003estats_report-\u003estats array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42162",
"url": "https://www.suse.com/security/cve/CVE-2024-42162"
},
{
"category": "external",
"summary": "SUSE Bug 1228706 for CVE-2024-42162",
"url": "https://bugzilla.suse.com/1228706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42162"
},
{
"cve": "CVE-2024-42223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42223",
"url": "https://www.suse.com/security/cve/CVE-2024-42223"
},
{
"category": "external",
"summary": "SUSE Bug 1228726 for CVE-2024-42223",
"url": "https://bugzilla.suse.com/1228726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42223"
},
{
"cve": "CVE-2024-42224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip-\u003emdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42224",
"url": "https://www.suse.com/security/cve/CVE-2024-42224"
},
{
"category": "external",
"summary": "SUSE Bug 1228723 for CVE-2024-42224",
"url": "https://bugzilla.suse.com/1228723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42224"
},
{
"cve": "CVE-2024-42225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42225",
"url": "https://www.suse.com/security/cve/CVE-2024-42225"
},
{
"category": "external",
"summary": "SUSE Bug 1228710 for CVE-2024-42225",
"url": "https://bugzilla.suse.com/1228710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42225"
},
{
"cve": "CVE-2024-42226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42226"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42226",
"url": "https://www.suse.com/security/cve/CVE-2024-42226"
},
{
"category": "external",
"summary": "SUSE Bug 1228709 for CVE-2024-42226",
"url": "https://bugzilla.suse.com/1228709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42226"
},
{
"cve": "CVE-2024-42227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix overlapping copy within dml_core_mode_programming\n\n[WHY]\n\u0026mode_lib-\u003emp.Watermark and \u0026locals-\u003eWatermark are\nthe same address. memcpy may lead to unexpected behavior.\n\n[HOW]\nmemmove should be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42227",
"url": "https://www.suse.com/security/cve/CVE-2024-42227"
},
{
"category": "external",
"summary": "SUSE Bug 1228707 for CVE-2024-42227",
"url": "https://bugzilla.suse.com/1228707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42227"
},
{
"cve": "CVE-2024-42228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42228",
"url": "https://www.suse.com/security/cve/CVE-2024-42228"
},
{
"category": "external",
"summary": "SUSE Bug 1228667 for CVE-2024-42228",
"url": "https://bugzilla.suse.com/1228667"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42228"
},
{
"cve": "CVE-2024-42229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42229",
"url": "https://www.suse.com/security/cve/CVE-2024-42229"
},
{
"category": "external",
"summary": "SUSE Bug 1228708 for CVE-2024-42229",
"url": "https://bugzilla.suse.com/1228708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42229"
},
{
"cve": "CVE-2024-42230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn\u0027t easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42230",
"url": "https://www.suse.com/security/cve/CVE-2024-42230"
},
{
"category": "external",
"summary": "SUSE Bug 1228489 for CVE-2024-42230",
"url": "https://bugzilla.suse.com/1228489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42230"
},
{
"cve": "CVE-2024-42232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting(). Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic. This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42232",
"url": "https://www.suse.com/security/cve/CVE-2024-42232"
},
{
"category": "external",
"summary": "SUSE Bug 1228959 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "external",
"summary": "SUSE Bug 1229458 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1229458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-42232"
},
{
"cve": "CVE-2024-42236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string \u0027s\u0027 could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == \u0027\\n\u0027) followed closely by an OOB write in the form\n`str[0 - 1] = \u0027\\0\u0027`.\n\nThere is already a validating check to catch strings that are too long.\nLet\u0027s supply an additional check for invalid strings that are too short.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42236",
"url": "https://www.suse.com/security/cve/CVE-2024-42236"
},
{
"category": "external",
"summary": "SUSE Bug 1228964 for CVE-2024-42236",
"url": "https://bugzilla.suse.com/1228964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42236"
},
{
"cve": "CVE-2024-42237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42237",
"url": "https://www.suse.com/security/cve/CVE-2024-42237"
},
{
"category": "external",
"summary": "SUSE Bug 1228992 for CVE-2024-42237",
"url": "https://bugzilla.suse.com/1228992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42237"
},
{
"cve": "CVE-2024-42238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn\u0027t\nabort the file processing with an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42238",
"url": "https://www.suse.com/security/cve/CVE-2024-42238"
},
{
"category": "external",
"summary": "SUSE Bug 1228991 for CVE-2024-42238",
"url": "https://bugzilla.suse.com/1228991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42238"
},
{
"cve": "CVE-2024-42239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named \u0027cancelling\u0027 in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool \u0027cancelling\u0027 bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42239",
"url": "https://www.suse.com/security/cve/CVE-2024-42239"
},
{
"category": "external",
"summary": "SUSE Bug 1228979 for CVE-2024-42239",
"url": "https://bugzilla.suse.com/1228979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42239"
},
{
"cve": "CVE-2024-42240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n \u003c#DB\u003e\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \u003c/#DB\u003e\n \u003cTASK\u003e\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \u003c/TASK\u003e\n\n [ bp: Massage commit message. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42240",
"url": "https://www.suse.com/security/cve/CVE-2024-42240"
},
{
"category": "external",
"summary": "SUSE Bug 1228966 for CVE-2024-42240",
"url": "https://bugzilla.suse.com/1228966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42240"
},
{
"cve": "CVE-2024-42241",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42241"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/shmem: disable PMD-sized page cache if needed\n\nFor shmem files, it\u0027s possible that PMD-sized page cache can\u0027t be\nsupported by xarray. For example, 512MB page cache on ARM64 when the base\npage size is 64KB can\u0027t be supported by xarray. It leads to errors as the\nfollowing messages indicate when this sort of xarray entry is split.\n\nWARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \\\nnft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \\\nnft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \\\nlibcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \\\nnet_failover virtio_console virtio_blk failover dimlib virtio_mmio\nCPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff8000882af5f0\nx29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768\nx26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c\nx8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0\nx5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n shmem_undo_range+0x2bc/0x6a8\n shmem_fallocate+0x134/0x430\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger\nthan MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a\nshmem file isn\u0027t represented by a multi-index entry and doesn\u0027t have this\nlimitation when the xarry entry is split until commit 6b24ca4a1a8d (\"mm:\nUse multi-index entries in the page cache\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42241",
"url": "https://www.suse.com/security/cve/CVE-2024-42241"
},
{
"category": "external",
"summary": "SUSE Bug 1228986 for CVE-2024-42241",
"url": "https://bugzilla.suse.com/1228986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42241"
},
{
"cve": "CVE-2024-42244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42244",
"url": "https://www.suse.com/security/cve/CVE-2024-42244"
},
{
"category": "external",
"summary": "SUSE Bug 1228967 for CVE-2024-42244",
"url": "https://bugzilla.suse.com/1228967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42244"
},
{
"cve": "CVE-2024-42245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"sched/fair: Make sure to try to detach at least one movable task\"\n\nThis reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.\n\nb0defa7ae03ec changed the load balancing logic to ignore env.max_loop if\nall tasks examined to that point were pinned. The goal of the patch was\nto make it more likely to be able to detach a task buried in a long list\nof pinned tasks. However, this has the unfortunate side effect of\ncreating an O(n) iteration in detach_tasks(), as we now must fully\niterate every task on a cpu if all or most are pinned. Since this load\nbalance code is done with rq lock held, and often in softirq context, it\nis very easy to trigger hard lockups. We observed such hard lockups with\na user who affined O(10k) threads to a single cpu.\n\nWhen I discussed this with Vincent he initially suggested that we keep\nthe limit on the number of tasks to detach, but increase the number of\ntasks we can search. However, after some back and forth on the mailing\nlist, he recommended we instead revert the original patch, as it seems\nlikely no one was actually getting hit by the original issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42245",
"url": "https://www.suse.com/security/cve/CVE-2024-42245"
},
{
"category": "external",
"summary": "SUSE Bug 1228978 for CVE-2024-42245",
"url": "https://bugzilla.suse.com/1228978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42245"
},
{
"cve": "CVE-2024-42246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket\n\nWhen using a BPF program on kernel_connect(), the call can return -EPERM. This\ncauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causing\nthe kernel to potentially freeze up.\n\nNeil suggested:\n\n This will propagate -EPERM up into other layers which might not be ready\n to handle it. It might be safer to map EPERM to an error we would be more\n likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.\n\nECONNREFUSED as error seems reasonable. For programs setting a different error\ncan be out of reach (see handling in 4fbac77d2d09) in particular on kernels\nwhich do not have f10d05966196 (\"bpf: Make BPF_PROG_RUN_ARRAY return -err\ninstead of allow boolean\"), thus given that it is better to simply remap for\nconsistent behavior. UDP does handle EPERM in xs_udp_send_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42246",
"url": "https://www.suse.com/security/cve/CVE-2024-42246"
},
{
"category": "external",
"summary": "SUSE Bug 1228989 for CVE-2024-42246",
"url": "https://bugzilla.suse.com/1228989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42246"
},
{
"cve": "CVE-2024-42247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: allowedips: avoid unaligned 64-bit memory accesses\n\nOn the parisc platform, the kernel issues kernel warnings because\nswap_endian() tries to load a 128-bit IPv6 address from an unaligned\nmemory location:\n\n Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)\n Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)\n\nAvoid such unaligned memory accesses by instead using the\nget_unaligned_be64() helper macro.\n\n[Jason: replace src[8] in original patch with src+8]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42247",
"url": "https://www.suse.com/security/cve/CVE-2024-42247"
},
{
"category": "external",
"summary": "SUSE Bug 1228988 for CVE-2024-42247",
"url": "https://bugzilla.suse.com/1228988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42247"
},
{
"cve": "CVE-2024-42250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42250",
"url": "https://www.suse.com/security/cve/CVE-2024-42250"
},
{
"category": "external",
"summary": "SUSE Bug 1228977 for CVE-2024-42250",
"url": "https://bugzilla.suse.com/1228977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42250"
},
{
"cve": "CVE-2024-42253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock\u0027 is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42253",
"url": "https://www.suse.com/security/cve/CVE-2024-42253"
},
{
"category": "external",
"summary": "SUSE Bug 1229005 for CVE-2024-42253",
"url": "https://bugzilla.suse.com/1229005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42253"
},
{
"cve": "CVE-2024-42259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 (\"drm/i915/gem: Adjust vma offset for framebuffer mmap offset\")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42259",
"url": "https://www.suse.com/security/cve/CVE-2024-42259"
},
{
"category": "external",
"summary": "SUSE Bug 1229156 for CVE-2024-42259",
"url": "https://bugzilla.suse.com/1229156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42259"
},
{
"cve": "CVE-2024-42268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n...\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n...\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42268",
"url": "https://www.suse.com/security/cve/CVE-2024-42268"
},
{
"category": "external",
"summary": "SUSE Bug 1229391 for CVE-2024-42268",
"url": "https://bugzilla.suse.com/1229391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42268"
},
{
"cve": "CVE-2024-42269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net-\u003egen-\u003eptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet\u0027s call register_pernet_subsys() before xt_register_template().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42269",
"url": "https://www.suse.com/security/cve/CVE-2024-42269"
},
{
"category": "external",
"summary": "SUSE Bug 1229402 for CVE-2024-42269",
"url": "https://bugzilla.suse.com/1229402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42269"
},
{
"cve": "CVE-2024-42270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet\u0027s call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 \u003c48\u003e 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42270",
"url": "https://www.suse.com/security/cve/CVE-2024-42270"
},
{
"category": "external",
"summary": "SUSE Bug 1229404 for CVE-2024-42270",
"url": "https://bugzilla.suse.com/1229404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42270"
},
{
"cve": "CVE-2024-42271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966] [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330] [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815] [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820] [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826] [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832] [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841] [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42271",
"url": "https://www.suse.com/security/cve/CVE-2024-42271"
},
{
"category": "external",
"summary": "SUSE Bug 1229400 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "external",
"summary": "SUSE Bug 1229401 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-42271"
},
{
"cve": "CVE-2024-42274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \u003c/NMI\u003e\n \u003cTASK\u003e\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42274",
"url": "https://www.suse.com/security/cve/CVE-2024-42274"
},
{
"category": "external",
"summary": "SUSE Bug 1229417 for CVE-2024-42274",
"url": "https://bugzilla.suse.com/1229417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42274"
},
{
"cve": "CVE-2024-42276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42276",
"url": "https://www.suse.com/security/cve/CVE-2024-42276"
},
{
"category": "external",
"summary": "SUSE Bug 1229410 for CVE-2024-42276",
"url": "https://bugzilla.suse.com/1229410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42276"
},
{
"cve": "CVE-2024-42277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom-\u003esdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42277",
"url": "https://www.suse.com/security/cve/CVE-2024-42277"
},
{
"category": "external",
"summary": "SUSE Bug 1229409 for CVE-2024-42277",
"url": "https://bugzilla.suse.com/1229409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42277"
},
{
"cve": "CVE-2024-42278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it\u0027s either a no-op or it\nleads to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42278",
"url": "https://www.suse.com/security/cve/CVE-2024-42278"
},
{
"category": "external",
"summary": "SUSE Bug 1229403 for CVE-2024-42278",
"url": "https://bugzilla.suse.com/1229403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42278"
},
{
"cve": "CVE-2024-42279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42279",
"url": "https://www.suse.com/security/cve/CVE-2024-42279"
},
{
"category": "external",
"summary": "SUSE Bug 1229390 for CVE-2024-42279",
"url": "https://bugzilla.suse.com/1229390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42279"
},
{
"cve": "CVE-2024-42280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon\u0027t dereference *sp after calling dev_kfree_skb(*sp).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42280",
"url": "https://www.suse.com/security/cve/CVE-2024-42280"
},
{
"category": "external",
"summary": "SUSE Bug 1229388 for CVE-2024-42280",
"url": "https://bugzilla.suse.com/1229388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42280"
},
{
"cve": "CVE-2024-42281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42281",
"url": "https://www.suse.com/security/cve/CVE-2024-42281"
},
{
"category": "external",
"summary": "SUSE Bug 1229386 for CVE-2024-42281",
"url": "https://bugzilla.suse.com/1229386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42281"
},
{
"cve": "CVE-2024-42283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42283",
"url": "https://www.suse.com/security/cve/CVE-2024-42283"
},
{
"category": "external",
"summary": "SUSE Bug 1229383 for CVE-2024-42283",
"url": "https://bugzilla.suse.com/1229383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42283"
},
{
"cve": "CVE-2024-42284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42284",
"url": "https://www.suse.com/security/cve/CVE-2024-42284"
},
{
"category": "external",
"summary": "SUSE Bug 1229382 for CVE-2024-42284",
"url": "https://bugzilla.suse.com/1229382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42284"
},
{
"cve": "CVE-2024-42285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id-\u003ecm_id.iw = cm_id;\n cm_id-\u003econtext = conn_id;\n cm_id-\u003ecm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42285",
"url": "https://www.suse.com/security/cve/CVE-2024-42285"
},
{
"category": "external",
"summary": "SUSE Bug 1229381 for CVE-2024-42285",
"url": "https://bugzilla.suse.com/1229381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42285"
},
{
"cve": "CVE-2024-42286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42286",
"url": "https://www.suse.com/security/cve/CVE-2024-42286"
},
{
"category": "external",
"summary": "SUSE Bug 1229395 for CVE-2024-42286",
"url": "https://bugzilla.suse.com/1229395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42286"
},
{
"cve": "CVE-2024-42287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42287",
"url": "https://www.suse.com/security/cve/CVE-2024-42287"
},
{
"category": "external",
"summary": "SUSE Bug 1229392 for CVE-2024-42287",
"url": "https://bugzilla.suse.com/1229392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42287"
},
{
"cve": "CVE-2024-42288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42288",
"url": "https://www.suse.com/security/cve/CVE-2024-42288"
},
{
"category": "external",
"summary": "SUSE Bug 1229398 for CVE-2024-42288",
"url": "https://bugzilla.suse.com/1229398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42288"
},
{
"cve": "CVE-2024-42289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nSend out async logout explicitly for all the ports during vport delete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42289",
"url": "https://www.suse.com/security/cve/CVE-2024-42289"
},
{
"category": "external",
"summary": "SUSE Bug 1229399 for CVE-2024-42289",
"url": "https://bugzilla.suse.com/1229399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42289"
},
{
"cve": "CVE-2024-42290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the \u0027scheduling while atomic\u0027 bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n __schedule_bug+0x54/0x6c\n __schedule+0x7f0/0xa94\n schedule+0x5c/0xc4\n schedule_preempt_disabled+0x24/0x40\n __mutex_lock.constprop.0+0x2c0/0x540\n __mutex_lock_slowpath+0x14/0x20\n mutex_lock+0x48/0x54\n clk_prepare_lock+0x44/0xa0\n clk_prepare+0x20/0x44\n imx_irqsteer_resume+0x28/0xe0\n pm_generic_runtime_resume+0x2c/0x44\n __genpd_runtime_resume+0x30/0x80\n genpd_runtime_resume+0xc8/0x2c0\n __rpm_callback+0x48/0x1d8\n rpm_callback+0x6c/0x78\n rpm_resume+0x490/0x6b4\n __pm_runtime_resume+0x50/0x94\n irq_chip_pm_get+0x2c/0xa0\n __irq_do_set_handler+0x178/0x24c\n irq_set_chained_handler_and_data+0x60/0xa4\n mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42290",
"url": "https://www.suse.com/security/cve/CVE-2024-42290"
},
{
"category": "external",
"summary": "SUSE Bug 1229379 for CVE-2024-42290",
"url": "https://bugzilla.suse.com/1229379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42290"
},
{
"cve": "CVE-2024-42291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42291",
"url": "https://www.suse.com/security/cve/CVE-2024-42291"
},
{
"category": "external",
"summary": "SUSE Bug 1229374 for CVE-2024-42291",
"url": "https://bugzilla.suse.com/1229374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42291"
},
{
"cve": "CVE-2024-42292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42292",
"url": "https://www.suse.com/security/cve/CVE-2024-42292"
},
{
"category": "external",
"summary": "SUSE Bug 1229373 for CVE-2024-42292",
"url": "https://bugzilla.suse.com/1229373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42292"
},
{
"cve": "CVE-2024-42295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42295",
"url": "https://www.suse.com/security/cve/CVE-2024-42295"
},
{
"category": "external",
"summary": "SUSE Bug 1229370 for CVE-2024-42295",
"url": "https://bugzilla.suse.com/1229370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42295"
},
{
"cve": "CVE-2024-42298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42298",
"url": "https://www.suse.com/security/cve/CVE-2024-42298"
},
{
"category": "external",
"summary": "SUSE Bug 1229369 for CVE-2024-42298",
"url": "https://bugzilla.suse.com/1229369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42298"
},
{
"cve": "CVE-2024-42301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42301",
"url": "https://www.suse.com/security/cve/CVE-2024-42301"
},
{
"category": "external",
"summary": "SUSE Bug 1229407 for CVE-2024-42301",
"url": "https://bugzilla.suse.com/1229407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42301"
},
{
"cve": "CVE-2024-42302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42302",
"url": "https://www.suse.com/security/cve/CVE-2024-42302"
},
{
"category": "external",
"summary": "SUSE Bug 1229366 for CVE-2024-42302",
"url": "https://bugzilla.suse.com/1229366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42302"
},
{
"cve": "CVE-2024-42303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42303",
"url": "https://www.suse.com/security/cve/CVE-2024-42303"
},
{
"category": "external",
"summary": "SUSE Bug 1229365 for CVE-2024-42303",
"url": "https://bugzilla.suse.com/1229365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42303"
},
{
"cve": "CVE-2024-42308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42308"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42308",
"url": "https://www.suse.com/security/cve/CVE-2024-42308"
},
{
"category": "external",
"summary": "SUSE Bug 1229411 for CVE-2024-42308",
"url": "https://bugzilla.suse.com/1229411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42308"
},
{
"cve": "CVE-2024-42309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42309",
"url": "https://www.suse.com/security/cve/CVE-2024-42309"
},
{
"category": "external",
"summary": "SUSE Bug 1229359 for CVE-2024-42309",
"url": "https://bugzilla.suse.com/1229359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42309"
},
{
"cve": "CVE-2024-42310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42310",
"url": "https://www.suse.com/security/cve/CVE-2024-42310"
},
{
"category": "external",
"summary": "SUSE Bug 1229358 for CVE-2024-42310",
"url": "https://bugzilla.suse.com/1229358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42310"
},
{
"cve": "CVE-2024-42311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42311",
"url": "https://www.suse.com/security/cve/CVE-2024-42311"
},
{
"category": "external",
"summary": "SUSE Bug 1229413 for CVE-2024-42311",
"url": "https://bugzilla.suse.com/1229413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42311"
},
{
"cve": "CVE-2024-42312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42312",
"url": "https://www.suse.com/security/cve/CVE-2024-42312"
},
{
"category": "external",
"summary": "SUSE Bug 1229357 for CVE-2024-42312",
"url": "https://bugzilla.suse.com/1229357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42312"
},
{
"cve": "CVE-2024-42313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42313",
"url": "https://www.suse.com/security/cve/CVE-2024-42313"
},
{
"category": "external",
"summary": "SUSE Bug 1229356 for CVE-2024-42313",
"url": "https://bugzilla.suse.com/1229356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42313"
},
{
"cve": "CVE-2024-42314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n\u0027add_size\u0027 after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing \u0027add_size\u0027 before dropping our\nextent map reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42314",
"url": "https://www.suse.com/security/cve/CVE-2024-42314"
},
{
"category": "external",
"summary": "SUSE Bug 1229355 for CVE-2024-42314",
"url": "https://bugzilla.suse.com/1229355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42314"
},
{
"cve": "CVE-2024-42315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi-\u003es_lock between the two processes may occur.\n\n CPU0 CPU1\n ---- ----\n kswapd\n balance_pgdat\n lock(fs_reclaim)\n exfat_iterate\n lock(\u0026sbi-\u003es_lock)\n exfat_readdir\n exfat_get_uniname_from_ext_entry\n exfat_get_dentry_set\n __exfat_get_dentry_set\n kmalloc_array\n ...\n lock(fs_reclaim)\n ...\n evict\n exfat_evict_inode\n lock(\u0026sbi-\u003es_lock)\n\nTo fix this, let\u0027s allocate bh-array with GFP_NOFS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42315",
"url": "https://www.suse.com/security/cve/CVE-2024-42315"
},
{
"category": "external",
"summary": "SUSE Bug 1229354 for CVE-2024-42315",
"url": "https://bugzilla.suse.com/1229354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42315"
},
{
"cve": "CVE-2024-42316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control-\u003enr_scanned. However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n [exception RIP: vmpressure_work_fn+101]\n process_one_work at ffffffffa3313f2b\n\nSince scan_control-\u003enr_scanned has no established semantics, the potential\ndouble counting has minimal risks. Therefore, fix the problem by not\ndeducting scan_control-\u003enr_scanned in evict_folios().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42316",
"url": "https://www.suse.com/security/cve/CVE-2024-42316"
},
{
"category": "external",
"summary": "SUSE Bug 1229353 for CVE-2024-42316",
"url": "https://bugzilla.suse.com/1229353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42316"
},
{
"cve": "CVE-2024-42318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don\u0027t lose track of restrictions on cred_transfer\n\nWhen a process\u0027 cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent\u0027s credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42318",
"url": "https://www.suse.com/security/cve/CVE-2024-42318"
},
{
"category": "external",
"summary": "SUSE Bug 1229351 for CVE-2024-42318",
"url": "https://bugzilla.suse.com/1229351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42318"
},
{
"cve": "CVE-2024-42319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() \u003c 0 occurs.\n\nAccording to the call tracei below:\n cmdq_mbox_shutdown\n mbox_free_channel\n mbox_controller_unregister\n __devm_mbox_controller_unregister\n ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n to bind the cmdq device to the mbox_controller, so\n devm_mbox_controller_unregister() will automatically unregister\n the device bound to the mailbox controller when the device-managed\n resource is removed. That means devm_mbox_controller_unregister()\n and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n will be called after cmdq_remove(), but before\n devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42319",
"url": "https://www.suse.com/security/cve/CVE-2024-42319"
},
{
"category": "external",
"summary": "SUSE Bug 1229350 for CVE-2024-42319",
"url": "https://bugzilla.suse.com/1229350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42319"
},
{
"cve": "CVE-2024-42320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42320"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42320",
"url": "https://www.suse.com/security/cve/CVE-2024-42320"
},
{
"category": "external",
"summary": "SUSE Bug 1229349 for CVE-2024-42320",
"url": "https://bugzilla.suse.com/1229349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42320"
},
{
"cve": "CVE-2024-42322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42322",
"url": "https://www.suse.com/security/cve/CVE-2024-42322"
},
{
"category": "external",
"summary": "SUSE Bug 1229347 for CVE-2024-42322",
"url": "https://bugzilla.suse.com/1229347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42322"
},
{
"cve": "CVE-2024-43816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl-\u003esge_len) is\nreferencing a little endian formatted sgl-\u003esge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43816",
"url": "https://www.suse.com/security/cve/CVE-2024-43816"
},
{
"category": "external",
"summary": "SUSE Bug 1229318 for CVE-2024-43816",
"url": "https://bugzilla.suse.com/1229318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43816"
},
{
"cve": "CVE-2024-43817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset \u003e= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) \u003e skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 \u003c0f\u003e 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS: 0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43817",
"url": "https://www.suse.com/security/cve/CVE-2024-43817"
},
{
"category": "external",
"summary": "SUSE Bug 1229312 for CVE-2024-43817",
"url": "https://bugzilla.suse.com/1229312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43817"
},
{
"cve": "CVE-2024-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn\u0027t perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43818",
"url": "https://www.suse.com/security/cve/CVE-2024-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1229296 for CVE-2024-43818",
"url": "https://bugzilla.suse.com/1229296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43818"
},
{
"cve": "CVE-2024-43819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm-\u003earch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43819",
"url": "https://www.suse.com/security/cve/CVE-2024-43819"
},
{
"category": "external",
"summary": "SUSE Bug 1229290 for CVE-2024-43819",
"url": "https://bugzilla.suse.com/1229290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43819"
},
{
"cve": "CVE-2024-43821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43821",
"url": "https://www.suse.com/security/cve/CVE-2024-43821"
},
{
"category": "external",
"summary": "SUSE Bug 1229315 for CVE-2024-43821",
"url": "https://bugzilla.suse.com/1229315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43821"
},
{
"cve": "CVE-2024-43823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43823",
"url": "https://www.suse.com/security/cve/CVE-2024-43823"
},
{
"category": "external",
"summary": "SUSE Bug 1229303 for CVE-2024-43823",
"url": "https://bugzilla.suse.com/1229303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43823"
},
{
"cve": "CVE-2024-43824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \u0027epc_features\u0027 in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 (\"PCI: endpoint: Remove \"core_init_notifier\"\nflag\"), \u0027epc_features\u0027 got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \u0027epc_features\u0027 could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43824",
"url": "https://www.suse.com/security/cve/CVE-2024-43824"
},
{
"category": "external",
"summary": "SUSE Bug 1229320 for CVE-2024-43824",
"url": "https://bugzilla.suse.com/1229320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43824"
},
{
"cve": "CVE-2024-43825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts-\u003eitime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] \u003e new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts-\u003eitime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n\"Sort times from all tables to one and remove duplicates\".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43825",
"url": "https://www.suse.com/security/cve/CVE-2024-43825"
},
{
"category": "external",
"summary": "SUSE Bug 1229298 for CVE-2024-43825",
"url": "https://bugzilla.suse.com/1229298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43825"
},
{
"cve": "CVE-2024-43826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\nlead to kernel crashes. E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\nand length. This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43826",
"url": "https://www.suse.com/security/cve/CVE-2024-43826"
},
{
"category": "external",
"summary": "SUSE Bug 1229294 for CVE-2024-43826",
"url": "https://bugzilla.suse.com/1229294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43826"
},
{
"cve": "CVE-2024-43829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43829",
"url": "https://www.suse.com/security/cve/CVE-2024-43829"
},
{
"category": "external",
"summary": "SUSE Bug 1229341 for CVE-2024-43829",
"url": "https://bugzilla.suse.com/1229341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43829"
},
{
"cve": "CVE-2024-43830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43830",
"url": "https://www.suse.com/security/cve/CVE-2024-43830"
},
{
"category": "external",
"summary": "SUSE Bug 1229305 for CVE-2024-43830",
"url": "https://bugzilla.suse.com/1229305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43830"
},
{
"cve": "CVE-2024-43831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43831",
"url": "https://www.suse.com/security/cve/CVE-2024-43831"
},
{
"category": "external",
"summary": "SUSE Bug 1229309 for CVE-2024-43831",
"url": "https://bugzilla.suse.com/1229309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43831"
},
{
"cve": "CVE-2024-43833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier\u0027s sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43833",
"url": "https://www.suse.com/security/cve/CVE-2024-43833"
},
{
"category": "external",
"summary": "SUSE Bug 1229299 for CVE-2024-43833",
"url": "https://bugzilla.suse.com/1229299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43833"
},
{
"cve": "CVE-2024-43834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43834",
"url": "https://www.suse.com/security/cve/CVE-2024-43834"
},
{
"category": "external",
"summary": "SUSE Bug 1229314 for CVE-2024-43834",
"url": "https://bugzilla.suse.com/1229314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43834"
},
{
"cve": "CVE-2024-43837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr-\u003eattach_prog_fd`,\nthe `prog-\u003eaux-\u003edst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 8.108262] Mem abort info:\n[ 8.108384] ESR = 0x0000000096000004\n[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 8.108722] SET = 0, FnV = 0\n[ 8.108827] EA = 0, S1PTW = 0\n[ 8.108939] FSC = 0x04: level 0 translation fault\n[ 8.109102] Data abort info:\n[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 8.112783] Modules linked in:\n[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[ 8.113230] Hardware name: linux,dummy-virt (DT)\n[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[ 8.113798] sp : ffff80008283b9f0\n[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[ 8.114126] Call trace:\n[ 8.114159] may_access_direct_pkt_data+0x24/0xa0\n[ 8.114202] bpf_check+0x3bc/0x28c0\n[ 8.114214] bpf_prog_load+0x658/0xa58\n[ 8.114227] __sys_bpf+0xc50/0x2250\n[ 8.114240] __arm64_sys_bpf+0x28/0x40\n[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0\n[ 8.114273] do_el0_svc+0x4c/0xd8\n[ 8.114289] el0_svc+0x3c/0x140\n[ 8.114305] el0t_64_sync_handler+0x134/0x150\n[ 8.114331] el0t_64_sync+0x168/0x170\n[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[ 8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to\nprog-\u003eaux-\u003edst_prog-\u003etype only for BPF_PROG_TYPE_EXT\") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n prog-\u003eaux-\u003edst_prog ? prog-\u003eaux-\u003edst_prog-\u003etype : prog-\u003etype;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog-\u003etype` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43837",
"url": "https://www.suse.com/security/cve/CVE-2024-43837"
},
{
"category": "external",
"summary": "SUSE Bug 1229297 for CVE-2024-43837",
"url": "https://bugzilla.suse.com/1229297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43837"
},
{
"cve": "CVE-2024-43839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n\u0027name\u0027 size is 16, but the first \u0027%s\u0027 specifier may already need at\nleast 16 characters, since \u0027bnad-\u003enetdev-\u003ename\u0027 is used there.\n\nFor \u0027%d\u0027 specifiers, assume that they require:\n * 1 char for \u0027tx_id + tx_info-\u003etcb[i]-\u003eid\u0027 sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for \u0027rx_id + rx_info-\u003erx_ctrl[i].ccb-\u003eid\u0027, BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43839",
"url": "https://www.suse.com/security/cve/CVE-2024-43839"
},
{
"category": "external",
"summary": "SUSE Bug 1229301 for CVE-2024-43839",
"url": "https://bugzilla.suse.com/1229301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43839"
},
{
"cve": "CVE-2024-43840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43840",
"url": "https://www.suse.com/security/cve/CVE-2024-43840"
},
{
"category": "external",
"summary": "SUSE Bug 1229344 for CVE-2024-43840",
"url": "https://bugzilla.suse.com/1229344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43840"
},
{
"cve": "CVE-2024-43841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won\u0027t be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43841",
"url": "https://www.suse.com/security/cve/CVE-2024-43841"
},
{
"category": "external",
"summary": "SUSE Bug 1229304 for CVE-2024-43841",
"url": "https://bugzilla.suse.com/1229304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43841"
},
{
"cve": "CVE-2024-43842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \u0027status-\u003ehe_gi\u0027 is compared to array size.\nBut then \u0027rate-\u003ehe_gi\u0027 is used as array index instead of \u0027status-\u003ehe_gi\u0027.\nThis can lead to go beyond array boundaries in case of \u0027rate-\u003ehe_gi\u0027 is\nnot equal to \u0027status-\u003ehe_gi\u0027 and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing \u0027rate-\u003ehe_gi\u0027 with \u0027status-\u003ehe_gi\u0027.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43842",
"url": "https://www.suse.com/security/cve/CVE-2024-43842"
},
{
"category": "external",
"summary": "SUSE Bug 1229317 for CVE-2024-43842",
"url": "https://bugzilla.suse.com/1229317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43842"
},
{
"cve": "CVE-2024-43846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43846",
"url": "https://www.suse.com/security/cve/CVE-2024-43846"
},
{
"category": "external",
"summary": "SUSE Bug 1229360 for CVE-2024-43846",
"url": "https://bugzilla.suse.com/1229360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43846"
},
{
"cve": "CVE-2024-43847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43847",
"url": "https://www.suse.com/security/cve/CVE-2024-43847"
},
{
"category": "external",
"summary": "SUSE Bug 1229291 for CVE-2024-43847",
"url": "https://bugzilla.suse.com/1229291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43847"
},
{
"cve": "CVE-2024-43849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr-\u003elock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43849",
"url": "https://www.suse.com/security/cve/CVE-2024-43849"
},
{
"category": "external",
"summary": "SUSE Bug 1229307 for CVE-2024-43849",
"url": "https://bugzilla.suse.com/1229307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43849"
},
{
"cve": "CVE-2024-43850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43850",
"url": "https://www.suse.com/security/cve/CVE-2024-43850"
},
{
"category": "external",
"summary": "SUSE Bug 1229316 for CVE-2024-43850",
"url": "https://bugzilla.suse.com/1229316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43850"
},
{
"cve": "CVE-2024-43851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: xilinx: rename cpu_number1 to dummy_cpu_number\n\nThe per cpu variable cpu_number1 is passed to xlnx_event_handler as\nargument \"dev_id\", but it is not used in this function. So drop the\ninitialization of this variable and rename it to dummy_cpu_number.\nThis patch is to fix the following call trace when the kernel option\nCONFIG_DEBUG_ATOMIC_SLEEP is enabled:\n\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\n preempt_count: 1, expected: 0\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53\n Hardware name: Xilinx Versal vmk180 Eval board rev1.1 (QSPI) (DT)\n Call trace:\n dump_backtrace+0xd0/0xe0\n show_stack+0x18/0x40\n dump_stack_lvl+0x7c/0xa0\n dump_stack+0x18/0x34\n __might_resched+0x10c/0x140\n __might_sleep+0x4c/0xa0\n __kmem_cache_alloc_node+0xf4/0x168\n kmalloc_trace+0x28/0x38\n __request_percpu_irq+0x74/0x138\n xlnx_event_manager_probe+0xf8/0x298\n platform_probe+0x68/0xd8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43851",
"url": "https://www.suse.com/security/cve/CVE-2024-43851"
},
{
"category": "external",
"summary": "SUSE Bug 1229313 for CVE-2024-43851",
"url": "https://bugzilla.suse.com/1229313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43851"
},
{
"cve": "CVE-2024-43853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/\u003cpid\u003e/cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/\u003cpid\u003e/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css-\u003ecgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(\u0026cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to \u0026cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n\u0026cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to \u0026cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp-\u003eroot will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss-\u003ecgroup won\u0027t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43853",
"url": "https://www.suse.com/security/cve/CVE-2024-43853"
},
{
"category": "external",
"summary": "SUSE Bug 1229292 for CVE-2024-43853",
"url": "https://bugzilla.suse.com/1229292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43853"
},
{
"cve": "CVE-2024-43854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43854",
"url": "https://www.suse.com/security/cve/CVE-2024-43854"
},
{
"category": "external",
"summary": "SUSE Bug 1229345 for CVE-2024-43854",
"url": "https://bugzilla.suse.com/1229345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43854"
},
{
"cve": "CVE-2024-43855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix deadlock between mddev_suspend and flush bio\n\nDeadlock occurs when mddev is being suspended while some flush bio is in\nprogress. It is a complex issue.\n\nT1. the first flush is at the ending stage, it clears \u0027mddev-\u003eflush_bio\u0027\n and tries to submit data, but is blocked because mddev is suspended\n by T4.\nT2. the second flush sets \u0027mddev-\u003eflush_bio\u0027, and attempts to queue\n md_submit_flush_data(), which is already running (T1) and won\u0027t\n execute again if on the same CPU as T1.\nT3. the third flush inc active_io and tries to flush, but is blocked because\n \u0027mddev-\u003eflush_bio\u0027 is not NULL (set by T2).\nT4. mddev_suspend() is called and waits for active_io dec to 0 which is inc\n by T3.\n\n T1\t\tT2\t\tT3\t\tT4\n (flush 1)\t(flush 2)\t(third 3)\t(suspend)\n md_submit_flush_data\n mddev-\u003eflush_bio = NULL;\n .\n .\t \tmd_flush_request\n .\t \t mddev-\u003eflush_bio = bio\n .\t \t queue submit_flushes\n .\t\t .\n .\t\t .\t\tmd_handle_request\n .\t\t .\t\t active_io + 1\n .\t\t .\t\t md_flush_request\n .\t\t .\t\t wait !mddev-\u003eflush_bio\n .\t\t .\n .\t\t .\t\t\t\tmddev_suspend\n .\t\t .\t\t\t\t wait !active_io\n .\t\t .\n .\t\t submit_flushes\n .\t\t queue_work md_submit_flush_data\n .\t\t //md_submit_flush_data is already running (T1)\n .\n md_handle_request\n wait resume\n\nThe root issue is non-atomic inc/dec of active_io during flush process.\nactive_io is dec before md_submit_flush_data is queued, and inc soon\nafter md_submit_flush_data() run.\n md_flush_request\n active_io + 1\n submit_flushes\n active_io - 1\n md_submit_flush_data\n md_handle_request\n active_io + 1\n make_request\n active_io - 1\n\nIf active_io is dec after md_handle_request() instead of within\nsubmit_flushes(), make_request() can be called directly intead of\nmd_handle_request() in md_submit_flush_data(), and active_io will\nonly inc and dec once in the whole flush process. Deadlock will be\nfixed.\n\nAdditionally, the only difference between fixing the issue and before is\nthat there is no return error handling of make_request(). But after\nprevious patch cleaned md_write_start(), make_requst() only return error\nin raid5_make_request() by dm-raid, see commit 41425f96d7aa (\"dm-raid456,\nmd/raid456: fix a deadlock for dm-raid456 while io concurrent with\nreshape)\". Since dm always splits data and flush operation into two\nseparate io, io size of flush submitted by dm always is 0, make_request()\nwill not be called in md_submit_flush_data(). To prevent future\nmodifications from introducing issues, add WARN_ON to ensure\nmake_request() no error is returned in this context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43855",
"url": "https://www.suse.com/security/cve/CVE-2024-43855"
},
{
"category": "external",
"summary": "SUSE Bug 1229342 for CVE-2024-43855",
"url": "https://bugzilla.suse.com/1229342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43855"
},
{
"cve": "CVE-2024-43856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43856",
"url": "https://www.suse.com/security/cve/CVE-2024-43856"
},
{
"category": "external",
"summary": "SUSE Bug 1229346 for CVE-2024-43856",
"url": "https://bugzilla.suse.com/1229346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43856"
},
{
"cve": "CVE-2024-43858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43858",
"url": "https://www.suse.com/security/cve/CVE-2024-43858"
},
{
"category": "external",
"summary": "SUSE Bug 1229414 for CVE-2024-43858",
"url": "https://bugzilla.suse.com/1229414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43858"
},
{
"cve": "CVE-2024-43860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 \u003c a \u003c nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43860",
"url": "https://www.suse.com/security/cve/CVE-2024-43860"
},
{
"category": "external",
"summary": "SUSE Bug 1229319 for CVE-2024-43860",
"url": "https://bugzilla.suse.com/1229319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43860"
},
{
"cve": "CVE-2024-43861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43861",
"url": "https://www.suse.com/security/cve/CVE-2024-43861"
},
{
"category": "external",
"summary": "SUSE Bug 1229500 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "external",
"summary": "SUSE Bug 1229553 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-43861"
},
{
"cve": "CVE-2024-43863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn\u0027t remove\nthe fence from the pending list, and thus doesn\u0027t require a lock to\nfix poll-\u003efence wait-\u003efence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it\u0027s been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it\u0027s held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43863",
"url": "https://www.suse.com/security/cve/CVE-2024-43863"
},
{
"category": "external",
"summary": "SUSE Bug 1229497 for CVE-2024-43863",
"url": "https://bugzilla.suse.com/1229497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43863"
},
{
"cve": "CVE-2024-43864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43864",
"url": "https://www.suse.com/security/cve/CVE-2024-43864"
},
{
"category": "external",
"summary": "SUSE Bug 1229496 for CVE-2024-43864",
"url": "https://bugzilla.suse.com/1229496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43864"
},
{
"cve": "CVE-2024-43866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43866",
"url": "https://www.suse.com/security/cve/CVE-2024-43866"
},
{
"category": "external",
"summary": "SUSE Bug 1229495 for CVE-2024-43866",
"url": "https://bugzilla.suse.com/1229495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43866"
},
{
"cve": "CVE-2024-43867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43867",
"url": "https://www.suse.com/security/cve/CVE-2024-43867"
},
{
"category": "external",
"summary": "SUSE Bug 1229493 for CVE-2024-43867",
"url": "https://bugzilla.suse.com/1229493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43867"
},
{
"cve": "CVE-2024-43871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43871",
"url": "https://www.suse.com/security/cve/CVE-2024-43871"
},
{
"category": "external",
"summary": "SUSE Bug 1229490 for CVE-2024-43871",
"url": "https://bugzilla.suse.com/1229490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43872",
"url": "https://www.suse.com/security/cve/CVE-2024-43872"
},
{
"category": "external",
"summary": "SUSE Bug 1229489 for CVE-2024-43872",
"url": "https://bugzilla.suse.com/1229489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43872"
},
{
"cve": "CVE-2024-43873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don\u0027t usually do this but\n it\u0027s legal and there\u0027s no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43873",
"url": "https://www.suse.com/security/cve/CVE-2024-43873"
},
{
"category": "external",
"summary": "SUSE Bug 1229488 for CVE-2024-43873",
"url": "https://bugzilla.suse.com/1229488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43873"
},
{
"cve": "CVE-2024-43874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked\n\nFix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.\nReturn from __sev_snp_shutdown_locked() if the psp_device or the\nsev_device structs are not initialized. Without the fix, the driver will\nproduce the following splat:\n\n ccp 0000:55:00.5: enabling device (0000 -\u003e 0002)\n ccp 0000:55:00.5: sev enabled\n ccp 0000:55:00.5: psp enabled\n BUG: kernel NULL pointer dereference, address: 00000000000000f0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808\n RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0\n R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8\n R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x6f/0xb0\n ? __die+0xcc/0xf0\n ? page_fault_oops+0x330/0x3a0\n ? save_trace+0x2a5/0x360\n ? do_user_addr_fault+0x583/0x630\n ? exc_page_fault+0x81/0x120\n ? asm_exc_page_fault+0x2b/0x30\n ? __sev_snp_shutdown_locked+0x2e/0x150\n __sev_firmware_shutdown+0x349/0x5b0\n ? pm_runtime_barrier+0x66/0xe0\n sev_dev_destroy+0x34/0xb0\n psp_dev_destroy+0x27/0x60\n sp_destroy+0x39/0x90\n sp_pci_remove+0x22/0x60\n pci_device_remove+0x4e/0x110\n really_probe+0x271/0x4e0\n __driver_probe_device+0x8f/0x160\n driver_probe_device+0x24/0x120\n __driver_attach+0xc7/0x280\n ? driver_attach+0x30/0x30\n bus_for_each_dev+0x10d/0x130\n driver_attach+0x22/0x30\n bus_add_driver+0x171/0x2b0\n ? unaccepted_memory_init_kdump+0x20/0x20\n driver_register+0x67/0x100\n __pci_register_driver+0x83/0x90\n sp_pci_init+0x22/0x30\n sp_mod_init+0x13/0x30\n do_one_initcall+0xb8/0x290\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? stack_depot_save_flags+0x21e/0x6a0\n ? local_clock+0x1c/0x60\n ? stack_depot_save_flags+0x21e/0x6a0\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __lock_acquire+0xd90/0xe30\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __create_object+0x66/0x100\n ? local_clock+0x1c/0x60\n ? __create_object+0x66/0x100\n ? parameq+0x1b/0x90\n ? parse_one+0x6d/0x1d0\n ? parse_args+0xd7/0x1f0\n ? do_initcall_level+0x180/0x180\n do_initcall_level+0xb0/0x180\n do_initcalls+0x60/0xa0\n ? kernel_init+0x1f/0x1d0\n do_basic_setup+0x41/0x50\n kernel_init_freeable+0x1ac/0x230\n ? rest_init+0x1f0/0x1f0\n kernel_init+0x1f/0x1d0\n ? rest_init+0x1f0/0x1f0\n ret_from_fork+0x3d/0x50\n ? rest_init+0x1f0/0x1f0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n Modules linked in:\n CR2: 00000000000000f0\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43874",
"url": "https://www.suse.com/security/cve/CVE-2024-43874"
},
{
"category": "external",
"summary": "SUSE Bug 1229487 for CVE-2024-43874",
"url": "https://bugzilla.suse.com/1229487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43874"
},
{
"cve": "CVE-2024-43875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed \u0027vpci_bus\u0027 could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43875",
"url": "https://www.suse.com/security/cve/CVE-2024-43875"
},
{
"category": "external",
"summary": "SUSE Bug 1229486 for CVE-2024-43875",
"url": "https://bugzilla.suse.com/1229486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43875"
},
{
"cve": "CVE-2024-43876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()\n\nAvoid large backtrace, it is sufficient to warn the user that there has\nbeen a link problem. Either the link has failed and the system is in need\nof maintenance, or the link continues to work and user has been informed.\nThe message from the warning can be looked up in the sources.\n\nThis makes an actual link issue less verbose.\n\nFirst of all, this controller has a limitation in that the controller\ndriver has to assist the hardware with transition to L1 link state by\nwriting L1IATN to PMCTRL register, the L1 and L0 link state switching\nis not fully automatic on this controller.\n\nIn case of an ASMedia ASM1062 PCIe SATA controller which does not support\nASPM, on entry to suspend or during platform pm_test, the SATA controller\nenters D3hot state and the link enters L1 state. If the SATA controller\nwakes up before rcar_pcie_wakeup() was called and returns to D0, the link\nreturns to L0 before the controller driver even started its transition to\nL1 link state. At this point, the SATA controller did send an PM_ENTER_L1\nDLLP to the PCIe controller and the PCIe controller received it, and the\nPCIe controller did set PMSR PMEL1RX bit.\n\nOnce rcar_pcie_wakeup() is called, if the link is already back in L0 state\nand PMEL1RX bit is set, the controller driver has no way to determine if\nit should perform the link transition to L1 state, or treat the link as if\nit is in L0 state. Currently the driver attempts to perform the transition\nto L1 link state unconditionally, which in this specific case fails with a\nPMSR L1FAEG poll timeout, however the link still works as it is already\nback in L0 state.\n\nReduce this warning verbosity. In case the link is really broken, the\nrcar_pcie_config_access() would fail, otherwise it will succeed and any\nsystem with this controller and ASM1062 can suspend without generating\na backtrace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43876",
"url": "https://www.suse.com/security/cve/CVE-2024-43876"
},
{
"category": "external",
"summary": "SUSE Bug 1229485 for CVE-2024-43876",
"url": "https://bugzilla.suse.com/1229485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43876"
},
{
"cve": "CVE-2024-43877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, \u0027dma-\u003eSG_length\u0027 is 0. This value is later used to\naccess \u0027dma-\u003eSGarray[dma-\u003eSG_length - 1]\u0027, which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43877",
"url": "https://www.suse.com/security/cve/CVE-2024-43877"
},
{
"category": "external",
"summary": "SUSE Bug 1229484 for CVE-2024-43877",
"url": "https://bugzilla.suse.com/1229484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43877"
},
{
"cve": "CVE-2024-43879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()\n\nCurrently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in\ncfg80211_calculate_bitrate_he(), leading to below warning:\n\nkernel: invalid HE MCS: bw:6, ru:6\nkernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]\n\nFix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43879",
"url": "https://www.suse.com/security/cve/CVE-2024-43879"
},
{
"category": "external",
"summary": "SUSE Bug 1229482 for CVE-2024-43879",
"url": "https://bugzilla.suse.com/1229482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43879"
},
{
"cve": "CVE-2024-43880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter\u0027s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -\u003e H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -\u003e H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \u003cTASK\u003e\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43880",
"url": "https://www.suse.com/security/cve/CVE-2024-43880"
},
{
"category": "external",
"summary": "SUSE Bug 1229481 for CVE-2024-43880",
"url": "https://bugzilla.suse.com/1229481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43880"
},
{
"cve": "CVE-2024-43881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there\u0027s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43881",
"url": "https://www.suse.com/security/cve/CVE-2024-43881"
},
{
"category": "external",
"summary": "SUSE Bug 1229480 for CVE-2024-43881",
"url": "https://bugzilla.suse.com/1229480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43881"
},
{
"cve": "CVE-2024-43882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file\u0027s metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug 7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug 7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches brpm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43882",
"url": "https://www.suse.com/security/cve/CVE-2024-43882"
},
{
"category": "external",
"summary": "SUSE Bug 1229503 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "external",
"summary": "SUSE Bug 1229504 for CVE-2024-43882",
"url": "https://bugzilla.suse.com/1229504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43883",
"url": "https://www.suse.com/security/cve/CVE-2024-43883"
},
{
"category": "external",
"summary": "SUSE Bug 1229707 for CVE-2024-43883",
"url": "https://bugzilla.suse.com/1229707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43883"
},
{
"cve": "CVE-2024-43884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43884",
"url": "https://www.suse.com/security/cve/CVE-2024-43884"
},
{
"category": "external",
"summary": "SUSE Bug 1229739 for CVE-2024-43884",
"url": "https://bugzilla.suse.com/1229739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43884"
},
{
"cve": "CVE-2024-43885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43885"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43885",
"url": "https://www.suse.com/security/cve/CVE-2024-43885"
},
{
"category": "external",
"summary": "SUSE Bug 1229747 for CVE-2024-43885",
"url": "https://bugzilla.suse.com/1229747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43885"
},
{
"cve": "CVE-2024-43889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n [ 10.017908] Workqueue: events_unbound padata_mt_helper\n [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n :\n [ 10.017963] Call Trace:\n [ 10.017968] \u003cTASK\u003e\n [ 10.018004] ? padata_mt_helper+0x39/0xb0\n [ 10.018084] process_one_work+0x174/0x330\n [ 10.018093] worker_thread+0x266/0x3a0\n [ 10.018111] kthread+0xcf/0x100\n [ 10.018124] ret_from_fork+0x31/0x50\n [ 10.018138] ret_from_fork_asm+0x1a/0x30\n [ 10.018147] \u003c/TASK\u003e\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps-\u003echunk_size is 0. The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43889",
"url": "https://www.suse.com/security/cve/CVE-2024-43889"
},
{
"category": "external",
"summary": "SUSE Bug 1229743 for CVE-2024-43889",
"url": "https://bugzilla.suse.com/1229743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43889"
},
{
"cve": "CVE-2024-43892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 (\"mm: memcontrol: fix cgroup creation failure after\nmany small jobs\") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures. It introduced IDR to maintain the memcg ID\nspace. The IDR depends on external synchronization mechanisms for\nmodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications. However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero. Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time. These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode. Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\u0027s list_lru didn\u0027t have list_lru_one for the\nmemcg of that object. The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success. No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\u0027s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them. So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove(). These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them. Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43892",
"url": "https://www.suse.com/security/cve/CVE-2024-43892"
},
{
"category": "external",
"summary": "SUSE Bug 1229761 for CVE-2024-43892",
"url": "https://bugzilla.suse.com/1229761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43892"
},
{
"cve": "CVE-2024-43893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000 PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n \u003cTASK\u003e\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43893",
"url": "https://www.suse.com/security/cve/CVE-2024-43893"
},
{
"category": "external",
"summary": "SUSE Bug 1229759 for CVE-2024-43893",
"url": "https://bugzilla.suse.com/1229759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43893"
},
{
"cve": "CVE-2024-43894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset-\u003emode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43894",
"url": "https://www.suse.com/security/cve/CVE-2024-43894"
},
{
"category": "external",
"summary": "SUSE Bug 1229746 for CVE-2024-43894",
"url": "https://bugzilla.suse.com/1229746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43894"
},
{
"cve": "CVE-2024-43895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\n RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n Call Trace:\n\u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43895",
"url": "https://www.suse.com/security/cve/CVE-2024-43895"
},
{
"category": "external",
"summary": "SUSE Bug 1229755 for CVE-2024-43895",
"url": "https://bugzilla.suse.com/1229755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43895"
},
{
"cve": "CVE-2024-43897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drop bad gso csum_start and offset in virtio_net_hdr\n\nTighten csum_start and csum_offset checks in virtio_net_hdr_to_skb\nfor GSO packets.\n\nThe function already checks that a checksum requested with\nVIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets\nthis might not hold for segs after segmentation.\n\nSyzkaller demonstrated to reach this warning in skb_checksum_help\n\n\toffset = skb_checksum_start_offset(skb);\n\tret = -EINVAL;\n\tif (WARN_ON_ONCE(offset \u003e= skb_headlen(skb)))\n\nBy injecting a TSO packet:\n\nWARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0\n ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774\n ip_finish_output_gso net/ipv4/ip_output.c:279 [inline]\n __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301\n iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813\n __gre_xmit net/ipv4/ip_gre.c:469 [inline]\n ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661\n __netdev_start_xmit include/linux/netdevice.h:4850 [inline]\n netdev_start_xmit include/linux/netdevice.h:4864 [inline]\n xmit_one net/core/dev.c:3595 [inline]\n dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611\n __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261\n packet_snd net/packet/af_packet.c:3073 [inline]\n\nThe geometry of the bad input packet at tcp_gso_segment:\n\n[ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0\n[ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244\n[ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0))\n[ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536\nip_summed=3 complete_sw=0 valid=0 level=0)\n\nMitigate with stricter input validation.\n\ncsum_offset: for GSO packets, deduce the correct value from gso_type.\nThis is already done for USO. Extend it to TSO. Let UFO be:\nudp[46]_ufo_fragment ignores these fields and always computes the\nchecksum in software.\n\ncsum_start: finding the real offset requires parsing to the transport\nheader. Do not add a parser, use existing segmentation parsing. Thanks\nto SKB_GSO_DODGY, that also catches bad packets that are hw offloaded.\nAgain test both TSO and USO. Do not test UFO for the above reason, and\ndo not test UDP tunnel offload.\n\nGSO packet are almost always CHECKSUM_PARTIAL. USO packets may be\nCHECKSUM_NONE since commit 10154dbded6d6 (\"udp: Allow GSO transmit\nfrom devices with no checksum offload\"), but then still these fields\nare initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no\nneed to test for ip_summed == CHECKSUM_PARTIAL first.\n\nThis revises an existing fix mentioned in the Fixes tag, which broke\nsmall packets with GSO offload, as detected by kselftests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43897",
"url": "https://www.suse.com/security/cve/CVE-2024-43897"
},
{
"category": "external",
"summary": "SUSE Bug 1229752 for CVE-2024-43897",
"url": "https://bugzilla.suse.com/1229752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43897"
},
{
"cve": "CVE-2024-43899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 181.843997] #PF: supervisor instruction fetch in kernel mode\n[ 181.844003] #PF: error_code(0x0010) - not-present page\n[ 181.844009] PGD 0 P4D 0\n[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[ 181.844044] RIP: 0010:0x0\n[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[ 181.844141] Call Trace:\n[ 181.844146] \u003cTASK\u003e\n[ 181.844153] ? show_regs+0x6d/0x80\n[ 181.844167] ? __die+0x24/0x80\n[ 181.844179] ? page_fault_oops+0x99/0x1b0\n[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0\n[ 181.844204] ? exc_page_fault+0x83/0x1b0\n[ 181.844216] ? asm_exc_page_fault+0x27/0x30\n[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43899",
"url": "https://www.suse.com/security/cve/CVE-2024-43899"
},
{
"category": "external",
"summary": "SUSE Bug 1229754 for CVE-2024-43899",
"url": "https://bugzilla.suse.com/1229754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43899"
},
{
"cve": "CVE-2024-43900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504 worker_thread\ntuner_probe \u003c= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait \u003c= create a worker\n...\ntuner_remove \u003c= free dvb_frontend\n...\n request_firmware_work_func \u003c= the firmware is ready\n load_firmware_cb \u003c= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n ==================================================================\n BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n Call trace:\n load_firmware_cb+0x1310/0x17a0\n request_firmware_work_func+0x128/0x220\n process_one_work+0x770/0x1824\n worker_thread+0x488/0xea0\n kthread+0x300/0x430\n ret_from_fork+0x10/0x20\n\n Allocated by task 6504:\n kzalloc\n tuner_probe+0xb0/0x1430\n i2c_device_probe+0x92c/0xaf0\n really_probe+0x678/0xcd0\n driver_probe_device+0x280/0x370\n __device_attach_driver+0x220/0x330\n bus_for_each_drv+0x134/0x1c0\n __device_attach+0x1f4/0x410\n device_initial_probe+0x20/0x30\n bus_probe_device+0x184/0x200\n device_add+0x924/0x12c0\n device_register+0x24/0x30\n i2c_new_device+0x4e0/0xc44\n v4l2_i2c_new_subdev_board+0xbc/0x290\n v4l2_i2c_new_subdev+0xc8/0x104\n em28xx_v4l2_init+0x1dd0/0x3770\n\n Freed by task 6504:\n kfree+0x238/0x4e4\n tuner_remove+0x144/0x1c0\n i2c_device_remove+0xc8/0x290\n __device_release_driver+0x314/0x5fc\n device_release_driver+0x30/0x44\n bus_remove_device+0x244/0x490\n device_del+0x350/0x900\n device_unregister+0x28/0xd0\n i2c_unregister_device+0x174/0x1d0\n v4l2_device_unregister+0x224/0x380\n em28xx_v4l2_init+0x1d90/0x3770\n\n The buggy address belongs to the object at ffff8000d7ca2000\n which belongs to the cache kmalloc-2k of size 2048\n The buggy address is located 776 bytes inside of\n 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n The buggy address belongs to the page:\n page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n flags: 0x7ff800000000100(slab)\n raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\n[2]\n Actually, it is allocated for struct tuner, and dvb_frontend is inside.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43900",
"url": "https://www.suse.com/security/cve/CVE-2024-43900"
},
{
"category": "external",
"summary": "SUSE Bug 1229756 for CVE-2024-43900",
"url": "https://bugzilla.suse.com/1229756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43900"
},
{
"cve": "CVE-2024-43902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43902",
"url": "https://www.suse.com/security/cve/CVE-2024-43902"
},
{
"category": "external",
"summary": "SUSE Bug 1229767 for CVE-2024-43902",
"url": "https://bugzilla.suse.com/1229767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43902"
},
{
"cve": "CVE-2024-43903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43903"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43903",
"url": "https://www.suse.com/security/cve/CVE-2024-43903"
},
{
"category": "external",
"summary": "SUSE Bug 1229781 for CVE-2024-43903",
"url": "https://bugzilla.suse.com/1229781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43903"
},
{
"cve": "CVE-2024-43905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43905",
"url": "https://www.suse.com/security/cve/CVE-2024-43905"
},
{
"category": "external",
"summary": "SUSE Bug 1229784 for CVE-2024-43905",
"url": "https://bugzilla.suse.com/1229784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43905"
},
{
"cve": "CVE-2024-43906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43906",
"url": "https://www.suse.com/security/cve/CVE-2024-43906"
},
{
"category": "external",
"summary": "SUSE Bug 1229785 for CVE-2024-43906",
"url": "https://bugzilla.suse.com/1229785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43906"
},
{
"cve": "CVE-2024-43907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43907",
"url": "https://www.suse.com/security/cve/CVE-2024-43907"
},
{
"category": "external",
"summary": "SUSE Bug 1229787 for CVE-2024-43907",
"url": "https://bugzilla.suse.com/1229787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43907"
},
{
"cve": "CVE-2024-43908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43908",
"url": "https://www.suse.com/security/cve/CVE-2024-43908"
},
{
"category": "external",
"summary": "SUSE Bug 1229788 for CVE-2024-43908",
"url": "https://bugzilla.suse.com/1229788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43908"
},
{
"cve": "CVE-2024-43909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr-\u003ebackend)\nto function smu7_update_edc_leakage_table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43909",
"url": "https://www.suse.com/security/cve/CVE-2024-43909"
},
{
"category": "external",
"summary": "SUSE Bug 1229789 for CVE-2024-43909",
"url": "https://bugzilla.suse.com/1229789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43909"
},
{
"cve": "CVE-2024-43911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon\u0027t point to vif-\u003ebss_conf. So, there will be no chanreq assigned to\nvif-\u003ebss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G OE 6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 \u003c83\u003e 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n 0:\tf7 e8 \timul %eax\n 2:\td5 \t(bad)\n 3:\t93 \txchg %eax,%ebx\n 4:\t3e ea \tds (bad)\n 6:\t48 83 c4 28 \tadd $0x28,%rsp\n a:\t89 d8 \tmov %ebx,%eax\n c:\t5b \tpop %rbx\n d:\t41 5c \tpop %r12\n f:\t41 5d \tpop %r13\n 11:\t41 5e \tpop %r14\n 13:\t41 5f \tpop %r15\n 15:\t5d \tpop %rbp\n 16:\tc3 \tretq\n 17:\tcc \tint3\n 18:\tcc \tint3\n 19:\tcc \tint3\n 1a:\tcc \tint3\n 1b:\t49 8b 84 24 e0 f1 ff \tmov -0xe20(%r12),%rax\n 22:\tff\n 23:\t48 8b 80 90 1b 00 00 \tmov 0x1b90(%rax),%rax\n 2a:*\t83 38 03 \tcmpl $0x3,(%rax)\t\t\u003c-- trapping instruction\n 2d:\t0f 84 37 fe ff ff \tje 0xfffffffffffffe6a\n 33:\tbb ea ff ff ff \tmov $0xffffffea,%ebx\n 38:\teb cc \tjmp 0x6\n 3a:\t49 \trex.WB\n 3b:\t8b \t.byte 0x8b\n 3c:\t84 24 10 \ttest %ah,(%rax,%rdx,1)\n 3f:\tf3 \trepz\n\nCode starting with the faulting instruction\n===========================================\n 0:\t83 38 03 \tcmpl $0x3,(%rax)\n 3:\t0f 84 37 fe ff ff \tje 0xfffffffffffffe40\n 9:\tbb ea ff ff ff \tmov $0xffffffea,%ebx\n e:\teb cc \tjmp 0xffffffffffffffdc\n 10:\t49 \trex.WB\n 11:\t8b \t.byte 0x8b\n 12:\t84 24 10 \ttest %ah,(%rax,%rdx,1)\n 15:\tf3 \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS: 0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324] \u003cTASK\u003e\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43911",
"url": "https://www.suse.com/security/cve/CVE-2024-43911"
},
{
"category": "external",
"summary": "SUSE Bug 1229827 for CVE-2024-43911",
"url": "https://bugzilla.suse.com/1229827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43911"
},
{
"cve": "CVE-2024-43912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn\u0027t supported. Disallow that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43912",
"url": "https://www.suse.com/security/cve/CVE-2024-43912"
},
{
"category": "external",
"summary": "SUSE Bug 1229830 for CVE-2024-43912",
"url": "https://bugzilla.suse.com/1229830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-43912"
},
{
"cve": "CVE-2024-44931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44931",
"url": "https://www.suse.com/security/cve/CVE-2024-44931"
},
{
"category": "external",
"summary": "SUSE Bug 1229837 for CVE-2024-44931",
"url": "https://bugzilla.suse.com/1229837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-44931"
},
{
"cve": "CVE-2024-44938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix shift-out-of-bounds in dbDiscardAG\n\nWhen searching for the next smaller log2 block, BLKSTOL2() returned 0,\ncausing shift exponent -1 to be negative.\n\nThis patch fixes the issue by exiting the loop directly when negative\nshift is found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44938",
"url": "https://www.suse.com/security/cve/CVE-2024-44938"
},
{
"category": "external",
"summary": "SUSE Bug 1229792 for CVE-2024-44938",
"url": "https://bugzilla.suse.com/1229792"
},
{
"category": "external",
"summary": "SUSE Bug 1229793 for CVE-2024-44938",
"url": "https://bugzilla.suse.com/1229793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2024-44938"
},
{
"cve": "CVE-2024-44939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix null ptr deref in dtInsertEntry\n\n[syzbot reported]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713\n...\n[Analyze]\nIn dtInsertEntry(), when the pointer h has the same value as p, after writing\nname in UniStrncpy_to_le(), p-\u003eheader.flag will be cleared. This will cause the\npreviously true judgment \"p-\u003eheader.flag \u0026 BT-LEAF\" to change to no after writing\nthe name operation, this leads to entering an incorrect branch and accessing the\nuninitialized object ih when judging this condition for the second time.\n\n[Fix]\nAfter got the page, check freelist first, if freelist == 0 then exit dtInsert()\nand return -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44939",
"url": "https://www.suse.com/security/cve/CVE-2024-44939"
},
{
"category": "external",
"summary": "SUSE Bug 1229820 for CVE-2024-44939",
"url": "https://bugzilla.suse.com/1229820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-10.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-10.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-44939"
}
]
}
suse-su-2025:20044-1
Vulnerability from csaf_suse
Published
2025-02-03 08:54
Modified
2025-02-03 08:54
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes.
This release includes the first live patch.
The following security bugs were fixed:
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).
- CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).
- CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs to not set the reference serial number") (bsc#1222387)
- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633).
- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
- CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26837: net: bridge: switchdev: Skip MDB replays of deferred events on offload (bsc#1222973).
- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
- CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-36881: mm/userfaultfd: reset ptes when close() for wr-protected ones (bsc#1225718).
- CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. (bsc#1226604).
- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
- CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
- CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).
- CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
- CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).
- CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).
- CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643).
- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42109: netfilter: nf_tables: unconditionall (bsc#1228505).
- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500).
- CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).
- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-42159: scsi: mpi3mr: sanitise num_phys (bsc#1228754).
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).
- CVE-2024-42245: Revert "sched/fair: Make sure to try to detach at least one movable task" (bsc#1228978).
- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (bsc#1229402).
- CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (bsc#1229404).
- CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).
- CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).
- CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).
- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).
- CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).
- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827).
Additional CVEs were previously fixed and are only mentioned in the metadata.
The following non-security bugs were fixed:
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes).
- ACPI: battery: create alarm sysfs attribute atomically (stable-fixes).
- ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes).
- ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes).
- ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes).
- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).
- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: seq: Skip event type filtering for UMP events (git-fixes).
- ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes).
- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).
- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes).
- ASoC: SOF: mediatek: Add missing board compatible (stable-fixes).
- ASoC: allow module autoloading for table board_ids (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: amd: acp: fix module autoloading (git-fixes).
- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Add error handling to pair_device() (git-fixes).
- Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes).
- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).
- Bluetooth: btintel: Fail setup on error (git-fixes).
- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes).
- Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes).
- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Drop libata patch that caused a regression (bsc#1229054)
- HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- Input: MT - limit max slots (stable-fixes).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056).
- Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes).
- Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes).
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes).
- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199).
- KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: Stop processing *all* memslots when "null" mmu_notifier handler is found (git-fixes).
- KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes).
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes).
- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes).
- KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes).
- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes).
- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes).
- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).
- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).
- KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes).
- KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes).
- KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes).
- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167).
- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes).
- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).
- Move upstreamed powerpc patches into sorted section
- Move upstreamed sound patches into sorted section
- Moved upstreamed ASoC patch into sorted section
- NFSD: Support write delegations in LAYOUTGET (git-fixes).
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (bsc#1208783).
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (bsc#1208783).
- Revert "KVM: Prevent module exit until all VMs are freed" (git-fixes).
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" (git-fixes).
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (git-fixes).
- Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD" (git-fixes).
- Revert "usb: gadget: uvc: cleanup request when not in correct state" (stable-fixes).
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET" (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- USB: serial: debug: do not echo input by default (stable-fixes).
- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)
- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).
- apparmor: unpack transition table if dfa is not present (bsc#1226031).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- bpf: Ensure proper register state printing for cond jumps (git-fixes).
- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes).
- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).
- bpf: enforce precision of R0 on callback return (git-fixes).
- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).
- bpf: fix control-flow graph checking in privileged mode (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).
- bpftool: Align output skeleton ELF code (git-fixes).
- bpftool: Fix -Wcast-qual warning (git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).
- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).
- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).
- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).
- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).
- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).
- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).
- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).
- cachefiles: add missing lock protection when polling (bsc#1229256).
- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).
- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).
- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).
- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).
- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles: introduce object ondemand state (bsc#1229239).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).
- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).
- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: resend an open request if the read request's object is closed (bsc#1229241).
- cachefiles: stop sending new request when dropping object (bsc#1229254).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
- ceph: periodically flush the cap releases (bsc#1230056).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).
- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- driver core: Fix uevent_show() vs driver detach race (git-fixes).
- drm/admgpu: fix dereferencing null pointer context (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).
- drm/amd/display: Add null checker before passing variables (stable-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).
- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).
- evm: do not copy up 'security.evm' xattr (git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).
- fs/netfs/fscache_cookie: add missing "n_accesses" check (bsc#1229455).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).
- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).
- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).
- io_uring/advise: support 64-bit lengths (git-fixes).
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).
- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- jfs: define xtree root and page independently (git-fixes).
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).
- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).
- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).
- kABI workaround for sound core UMP conversion (stable-fixes).
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kcov: properly check for softirq context (git-fixes).
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).
- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).
- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).
- md/raid1: support read error check (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).
- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md: change the return value type of md_write_start to void (git-fixes).
- md: do not account sync_io if iostats of the disk is disabled (git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (git-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).
- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).
- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).
- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).
- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: missing check virtio (git-fixes).
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: do not invalidate dentries on transient errors (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-multipath: implement "queue-depth" iopolicy (bsc#1227706).
- nvme-multipath: prepare for "queue-depth" iopolicy (bsc#1227706).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857).
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).
- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (bsc#1194869).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).
- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).
- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).
- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).
- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).
- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).
- selftests/bpf: Make linked_list failure test more robust (git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes).
- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).
- selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes).
- selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes).
- selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes).
- serial: core: check uartclk for zero to avoid divide by zero (stable-fixes).
- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).
- soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes).
- soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes).
- spi: Add empty versions of ACPI functions (stable-fixes).
- spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes).
- spi: microchip-core: switch to use modern name (stable-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).
- squashfs: squashfs_read_data need to check if the length is 0 (git-fixes).
- ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes).
- staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes).
- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes).
- thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747).
- tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes).
- tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes).
- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes).
- tools/resolve_btfids: fix build with musl libc (git-fixes).
- trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- tty: atmel_serial: use the correct RTS flag (git-fixes).
- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes).
- usb: cdnsp: fix for Link TRB with TC (git-fixes).
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes).
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usb: gadget: core: Check for unset descriptor (git-fixes).
- usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes).
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes).
- usb: gadget: u_serial: Set start_delayed during suspend (git-fixes).
- usb: gadget: uvc: cleanup request when not in correct state (stable-fixes).
- usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes).
- usb: typec: fsa4480: Check if the chip is really there (git-fixes).
- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).
- usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes).
- usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes).
- usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- vhost/vsock: always initialize seqpacket_allow (git-fixes).
- vhost: Release worker mutex during flushes (git-fixes).
- vhost: Use virtqueue mutex for swapping worker (git-fixes).
- virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes).
- virtio-crypto: handle config changed by work queue (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtiofs: forbid newlines in tags (bsc#1229940).
- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes).
- wifi: ath12k: fix soft lockup on suspend (git-fixes).
- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes).
- wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mac80211: use monitor sdata with driver only if desired (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- wifi: nl80211: disallow setting special AP channel widths (stable-fixes).
- wifi: nl80211: do not give key data to userspace (stable-fixes).
- wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes).
- wifi: wfx: repair open network AP mode (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).
- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes).
- x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes).
- x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes).
- x86/numa: Introduce numa_fill_memblks() (git-fixes).
- x86/pci: Skip early E820 check for ECAM region (git-fixes).
- x86/xen: Convert comma to semicolon (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: allow cross-linking special files without project quota (git-fixes).
- xfs: allow symlinks with short remote targets (bsc#1229160).
- xfs: allow unlinked symlinks and dirs with zero size (git-fixes).
- xfs: attr forks require attr, not attr2 (git-fixes).
- xfs: convert comma to semicolon (git-fixes).
- xfs: do not use current->journal_info (git-fixes).
- xfs: fix unlink vs cluster buffer instantiation race (git-fixes).
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes).
- xfs: journal geometry is not properly bounds checked (git-fixes).
- xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes).
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes).
- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-61
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes.\n\nThis release includes the first live patch.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section-\u003eusage (bsc#1221326).\n- CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).\n- CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).\n- CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).\n- CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).\n- CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).\n- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).\n- CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).\n- CVE-2024-26677: blacklist.conf: Add e7870cf13d20 (\"rxrpc: Fix delayed ACKs to not set the reference serial number\") (bsc#1222387)\n- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).\n- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).\n- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633).\n- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).\n- CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).\n- CVE-2024-26837: net: bridge: switchdev: Skip MDB replays of deferred events on offload (bsc#1222973).\n- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)\n- CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).\n- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).\n- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).\n- CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).\n- CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).\n- CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).\n- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).\n- CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510).\n- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).\n- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).\n- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)\n- CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)\n- CVE-2024-36881: mm/userfaultfd: reset ptes when close() for wr-protected ones (bsc#1225718).\n- CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).\n- CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).\n- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge\u0027s mst code. (bsc#1226604).\n- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).\n- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)\n- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).\n- CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)\n- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).\n- CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).\n- CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).\n- CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).\n- CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799).\n- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)\n- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).\n- CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811).\n- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).\n- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).\n- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).\n- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).\n- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).\n- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).\n- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).\n- CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).\n- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).\n- CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).\n- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).\n- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).\n- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).\n- CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).\n- CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).\n- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).\n- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).\n- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).\n- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).\n- CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).\n- CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468).\n- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).\n- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).\n- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).\n- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev-\u003epdev changes (bsc#1228599).\n- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).\n- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).\n- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).\n- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).\n- CVE-2024-41074: cachefiles: Set object to close if ondemand_id \u003c 0 in copen (bsc#1228643).\n- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).\n- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).\n- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).\n- CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).\n- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).\n- CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).\n- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).\n- CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).\n- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).\n- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).\n- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).\n- CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).\n- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).\n- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).\n- CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).\n- CVE-2024-42109: netfilter: nf_tables: unconditionall (bsc#1228505).\n- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).\n- CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).\n- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).\n- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).\n- CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500).\n- CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).\n- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).\n- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).\n- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).\n- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).\n- CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).\n- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).\n- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).\n- CVE-2024-42159: scsi: mpi3mr: sanitise num_phys (bsc#1228754).\n- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).\n- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).\n- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).\n- CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).\n- CVE-2024-42245: Revert \"sched/fair: Make sure to try to detach at least one movable task\" (bsc#1228978).\n- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).\n- CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).\n- CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).\n- CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (bsc#1229402).\n- CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (bsc#1229404).\n- CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).\n- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).\n- CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)\n- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)\n- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).\n- CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).\n- CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).\n- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).\n- CVE-2024-42308: Update DRM patch reference (bsc#1229411)\n- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)\n- CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).\n- CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).\n- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)\n- CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).\n- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).\n- CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)\n- CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).\n- CVE-2024-43839: bna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures (bsc#1229301).\n- CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).\n- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)\n- CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).\n- CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).\n- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).\n- CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).\n- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)\n- CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).\n- CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827).\n\nAdditional CVEs were previously fixed and are only mentioned in the metadata.\n\nThe following non-security bugs were fixed:\n\n- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes).\n- ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes).\n- ACPI: battery: create alarm sysfs attribute atomically (stable-fixes).\n- ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes).\n- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).\n- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).\n- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).\n- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes).\n- ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes).\n- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes).\n- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).\n- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes).\n- ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes).\n- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes).\n- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).\n- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).\n- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).\n- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).\n- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).\n- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).\n- ALSA: line6: Fix racy access to midibuf (stable-fixes).\n- ALSA: line6: Fix racy access to midibuf (stable-fixes).\n- ALSA: seq: Skip event type filtering for UMP events (git-fixes).\n- ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes).\n- ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes).\n- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).\n- ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes).\n- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).\n- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).\n- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).\n- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).\n- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).\n- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).\n- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).\n- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).\n- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).\n- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes).\n- ASoC: SOF: Remove libraries from topology lookups (git-fixes).\n- ASoC: SOF: Remove libraries from topology lookups (git-fixes).\n- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).\n- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes).\n- ASoC: SOF: mediatek: Add missing board compatible (stable-fixes).\n- ASoC: allow module autoloading for table board_ids (stable-fixes).\n- ASoC: allow module autoloading for table db1200_pids (stable-fixes).\n- ASoC: amd: acp: fix module autoloading (git-fixes).\n- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182).\n- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).\n- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).\n- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).\n- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).\n- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).\n- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).\n- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).\n- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).\n- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).\n- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).\n- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).\n- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).\n- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes).\n- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).\n- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).\n- ASoC: nau8822: Lower debug print priority (stable-fixes).\n- ASoC: nau8822: Lower debug print priority (stable-fixes).\n- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes).\n- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).\n- Bluetooth: L2CAP: Fix deadlock (git-fixes).\n- Bluetooth: MGMT: Add error handling to pair_device() (git-fixes).\n- Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes).\n- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).\n- Bluetooth: btintel: Fail setup on error (git-fixes).\n- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes).\n- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes).\n- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes).\n- Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes).\n- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).\n- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).\n- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).\n- Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes).\n- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).\n- Drop libata patch that caused a regression (bsc#1229054)\n- HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).\n- Input: MT - limit max slots (stable-fixes).\n- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056).\n- Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes).\n- Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes).\n- KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes).\n- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes).\n- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).\n- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199).\n- KVM: Protect vcpu-\u003epid dereference via debugfs with RCU (git-fixes).\n- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).\n- KVM: Stop processing *all* memslots when \"null\" mmu_notifier handler is found (git-fixes).\n- KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes).\n- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes).\n- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes).\n- KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes).\n- KVM: arm64: Add missing memory barriers when switching to pKVM\u0027s hyp pgd (git-fixes).\n- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).\n- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).\n- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).\n- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)\n- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).\n- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes).\n- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes).\n- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).\n- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).\n- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).\n- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).\n- KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes).\n- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes).\n- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).\n- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).\n- KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes).\n- KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes).\n- KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes).\n- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).\n- KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167).\n- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes).\n- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).\n- Move upstreamed powerpc patches into sorted section\n- Move upstreamed sound patches into sorted section\n- Moved upstreamed ASoC patch into sorted section\n- NFSD: Support write delegations in LAYOUTGET (git-fixes).\n- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).\n- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).\n- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).\n- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).\n- RDMA/cache: Release GID table even if leak is detected (git-fixes)\n- RDMA/device: Return error earlier if port in not valid (git-fixes)\n- RDMA/hns: Check atomic wr length (git-fixes)\n- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)\n- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)\n- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)\n- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)\n- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)\n- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)\n- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)\n- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)\n- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).\n- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)\n- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)\n- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)\n- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)\n- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)\n- Revert \"ALSA: firewire-lib: obsolete workqueue for period update\" (bsc#1208783).\n- Revert \"ALSA: firewire-lib: operate for period elapse event in process context\" (bsc#1208783).\n- Revert \"KVM: Prevent module exit until all VMs are freed\" (git-fixes).\n- Revert \"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\" (git-fixes).\n- Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\" (git-fixes).\n- Revert \"misc: fastrpc: Restrict untrusted app to attach to privileged PD\" (git-fixes).\n- Revert \"usb: gadget: uvc: cleanup request when not in correct state\" (stable-fixes).\n- Revert \"usb: typec: tcpm: clear pd_event queue in PORT_RESET\" (git-fixes).\n- SUNRPC: Fix a race to wake a sync task (git-fixes).\n- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).\n- Squashfs: fix variable overflow triggered by sysbot (git-fixes).\n- USB: serial: debug: do not echo input by default (stable-fixes).\n- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)\n- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)\n- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)\n- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).\n- apparmor: unpack transition table if dfa is not present (bsc#1226031).\n- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)\n- arm64: Add Neoverse-V2 part (git-fixes)\n- arm64: Fix KASAN random tag seed initialization (git-fixes)\n- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)\n- arm64: barrier: Restore spec_bar() macro (git-fixes)\n- arm64: cputype: Add Cortex-A720 definitions (git-fixes)\n- arm64: cputype: Add Cortex-A725 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X1C definitions (git-fixes)\n- arm64: cputype: Add Cortex-X3 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X4 definitions (git-fixes)\n- arm64: cputype: Add Cortex-X925 definitions (git-fixes)\n- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)\n- arm64: dts: imx8mp: Add NPU Node (git-fixes)\n- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)\n- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)\n- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)\n- arm64: errata: Expand speculative SSBS workaround (git-fixes)\n- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.\n- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)\n- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).\n- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).\n- blacklist.conf: Add libata upstream revert entry (bsc#1229054)\n- bnxt_re: Fix imm_data endianness (git-fixes)\n- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)\n- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).\n- bpf/tests: Remove duplicate JSGT tests (git-fixes).\n- bpf: Add crosstask check to __bpf_get_stack (git-fixes).\n- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).\n- bpf: Ensure proper register state printing for cond jumps (git-fixes).\n- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).\n- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).\n- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).\n- bpf: Fix kfunc callback register type handling (git-fixes).\n- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).\n- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).\n- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).\n- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).\n- bpf: Set uattr-\u003ebatch.count as zero before batched update or deletion (git-fixes).\n- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).\n- bpf: enforce precision of R0 on callback return (git-fixes).\n- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).\n- bpf: fix control-flow graph checking in privileged mode (git-fixes).\n- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).\n- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).\n- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).\n- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).\n- bpftool: Align output skeleton ELF code (git-fixes).\n- bpftool: Fix -Wcast-qual warning (git-fixes).\n- bpftool: Silence build warning about calloc() (git-fixes).\n- bpftool: mark orphaned programs during prog show (git-fixes).\n- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).\n- btrfs: add a is_data_bbio helper (git-fixes).\n- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).\n- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).\n- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).\n- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).\n- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).\n- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).\n- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).\n- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).\n- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).\n- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).\n- btrfs: limit write bios to a single ordered extent (git-fixes).\n- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).\n- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).\n- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).\n- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).\n- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).\n- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).\n- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).\n- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).\n- btrfs: remove btrfs_add_ordered_extent (git-fixes).\n- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).\n- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).\n- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).\n- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).\n- btrfs: use bbio-\u003eordered in btrfs_csum_one_bio (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).\n- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).\n- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).\n- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).\n- cachefiles: add missing lock protection when polling (bsc#1229256).\n- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).\n- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).\n- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).\n- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).\n- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).\n- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).\n- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).\n- cachefiles: introduce object ondemand state (bsc#1229239).\n- cachefiles: make on-demand read killable (bsc#1229252).\n- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).\n- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).\n- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).\n- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).\n- cachefiles: resend an open request if the read request\u0027s object is closed (bsc#1229241).\n- cachefiles: stop sending new request when dropping object (bsc#1229254).\n- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).\n- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).\n- ceph: periodically flush the cap releases (bsc#1230056).\n- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).\n- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).\n- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).\n- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).\n- cgroup: Remove unnecessary list_empty() (bsc#1222254).\n- cgroup: preserve KABI of cgroup_root (bsc#1222254).\n- char: xillybus: Check USB endpoints when probing device (git-fixes).\n- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).\n- char: xillybus: Refine workqueue handling (git-fixes).\n- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).\n- clk: qcom: Park shared RCGs upon registration (git-fixes).\n- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).\n- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).\n- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).\n- clk: qcom: gpucc-sa8775p: Park RCG\u0027s clk source at XO during disable (git-fixes).\n- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).\n- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC\u0027s (git-fixes).\n- clk: qcom: gpucc-sm8350: Park RCG\u0027s clk source at XO during disable (git-fixes).\n- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).\n- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).\n- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).\n- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)\n- dev/parport: fix the array out-of-bounds risk (stable-fixes).\n- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).\n- dmaengine: dw: Add memory bus width verification (git-fixes).\n- dmaengine: dw: Add peripheral bus width verification (git-fixes).\n- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).\n- driver core: Fix uevent_show() vs driver detach race (git-fixes).\n- drm/admgpu: fix dereferencing null pointer context (stable-fixes).\n- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).\n- drm/amd/display: Add null checker before passing variables (stable-fixes).\n- drm/amd/display: Adjust cursor position (git-fixes).\n- drm/amd/display: Check for NULL pointer (stable-fixes).\n- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).\n- drm/amd/display: avoid using null object of framebuffer (git-fixes).\n- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).\n- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).\n- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).\n- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).\n- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).\n- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).\n- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).\n- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).\n- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).\n- drm/amdgpu: Actually check flags for all context ops (stable-fixes).\n- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).\n- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).\n- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).\n- drm/amdgpu: Validate TA binary size (stable-fixes).\n- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).\n- drm/amdgpu: fix potential resource leak warning (stable-fixes).\n- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).\n- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).\n- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).\n- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).\n- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).\n- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).\n- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).\n- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).\n- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).\n- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).\n- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).\n- drm/mediatek/dp: Fix spurious kfree() (git-fixes).\n- drm/msm/dp: fix the max supported bpp logic (git-fixes).\n- drm/msm/dp: reset the link phy params before link training (git-fixes).\n- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).\n- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).\n- drm/msm/dpu: do not play tricks with debug macros (git-fixes).\n- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).\n- drm/msm/dpu: move dpu_encoder\u0027s connector assignment to atomic_enable() (git-fixes).\n- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).\n- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).\n- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).\n- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).\n- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).\n- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).\n- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).\n- drm/nouveau: prime: fix refcount underflow (git-fixes).\n- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).\n- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).\n- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).\n- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).\n- drm/virtio: Fix type of dma-fence context variable (git-fixes).\n- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).\n- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).\n- drm/vmwgfx: Fix prime with external buffers (git-fixes).\n- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).\n- evm: do not copy up \u0027security.evm\u0027 xattr (git-fixes).\n- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).\n- fs/netfs/fscache_cookie: add missing \"n_accesses\" check (bsc#1229455).\n- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).\n- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).\n- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).\n- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).\n- gfs2: setattr_chown: Add missing initialization (git-fixes).\n- gpio: mlxbf3: Support shutdown() function (git-fixes).\n- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).\n- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).\n- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).\n- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).\n- hwmon: (ltc2992) Avoid division by zero (stable-fixes).\n- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).\n- hwmon: (pc87360) Bounds check data-\u003einnr usage (stable-fixes).\n- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).\n- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).\n- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).\n- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).\n- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).\n- i2c: riic: avoid potential division by zero (stable-fixes).\n- i2c: smbus: Improve handling of stuck alerts (git-fixes).\n- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).\n- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).\n- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).\n- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).\n- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).\n- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).\n- io_uring/advise: support 64-bit lengths (git-fixes).\n- io_uring: Drop per-ctx dummy_ubuf (git-fixes).\n- io_uring: Fix probe of disabled operations (git-fixes).\n- io_uring: fix io_match_task must_hold (git-fixes).\n- io_uring: tighten task exit cancellations (git-fixes).\n- iommu/amd: Convert comma to semicolon (git-fixes).\n- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).\n- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).\n- ip6_tunnel: Fix broken GRO (bsc#1229444).\n- ipv6: sr: fix incorrect unregister order (git-fixes).\n- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).\n- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).\n- jfs: define xtree root and page independently (git-fixes).\n- jfs: fix null ptr deref in dtInsertEntry (git-fixes).\n- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).\n- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).\n- jump_label: Fix the fix, brown paper bags galore (git-fixes).\n- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).\n- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).\n- kABI workaround for sound core UMP conversion (stable-fixes).\n- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).\n- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).\n- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)\n- kcov: properly check for softirq context (git-fixes).\n- kernel-binary: generate and install compile_commands.json (bsc#1228971)\n- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).\n- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).\n- kprobes: Fix to check symbol prefixes correctly (git-fixes).\n- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).\n- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).\n- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).\n- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).\n- libbpf: Fix faccessat() usage on Android (git-fixes).\n- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).\n- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).\n- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).\n- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).\n- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).\n- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).\n- md/md-bitmap: fix writing non bitmap pages (git-fixes).\n- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).\n- md/raid1: support read error check (git-fixes).\n- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).\n- md/raid5: fix spares errors about rcu usage (git-fixes).\n- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).\n- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).\n- md: add a mddev_add_trace_msg helper (git-fixes).\n- md: add check for sleepers in md_wakeup_thread() (git-fixes).\n- md: change the return value type of md_write_start to void (git-fixes).\n- md: do not account sync_io if iostats of the disk is disabled (git-fixes).\n- md: do not delete safemode_timer in mddev_suspend (git-fixes).\n- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).\n- md: fix a suspicious RCU usage warning (git-fixes).\n- media: Revert \"media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()\" (git-fixes).\n- media: amphion: Remove lock in s_ctrl callback (stable-fixes).\n- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).\n- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).\n- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).\n- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).\n- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).\n- media: uvcvideo: Ignore empty TS packets (stable-fixes).\n- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).\n- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).\n- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).\n- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).\n- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).\n- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).\n- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).\n- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).\n- minmax: fix up min3() and max3() too (bsc#1229024).\n- minmax: improve macro expansion and type checking (bsc#1229024).\n- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).\n- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).\n- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).\n- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).\n- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).\n- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).\n- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).\n- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).\n- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).\n- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).\n- net/rds: fix possible cp null dereference (git-fixes).\n- net/sched: initialize noop_qdisc owner (git-fixes).\n- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).\n- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).\n- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).\n- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).\n- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).\n- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).\n- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).\n- net: missing check virtio (git-fixes).\n- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).\n- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).\n- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).\n- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).\n- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).\n- nfc: pn533: Add poll mod list filling check (git-fixes).\n- nfs: do not invalidate dentries on transient errors (git-fixes).\n- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).\n- nfs: make the rpc_stat per net namespace (git-fixes).\n- nfs: pass explicit offset/count to trace events (git-fixes).\n- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).\n- nouveau/firmware: use dma non-coherent allocator (git-fixes).\n- nvme-multipath: find NUMA path only for online numa-node (git-fixes).\n- nvme-multipath: implement \"queue-depth\" iopolicy (bsc#1227706).\n- nvme-multipath: prepare for \"queue-depth\" iopolicy (bsc#1227706).\n- nvme-pci: Fix the instructions for disabling power management (git-fixes).\n- nvme-pci: add missing condition check for existence of mapped data (git-fixes).\n- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).\n- nvme-sysfs: add \u0027tls_configured_key\u0027 sysfs attribute (bsc#1221857).\n- nvme-sysfs: add \u0027tls_keyring\u0027 attribute (bsc#1221857).\n- nvme-tcp: check for invalidated or revoked key (bsc#1221857).\n- nvme-tcp: sanitize TLS key handling (bsc#1221857).\n- nvme: add a newline to the \u0027tls_key\u0027 sysfs attribute (bsc#1221857).\n- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).\n- nvme: avoid double free special payload (git-fixes).\n- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).\n- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).\n- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).\n- nvme: tcp: remove unnecessary goto statement (bsc#1221857).\n- nvme_core: scan namespaces asynchronously (bsc#1224105).\n- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).\n- nvmet: always initialize cqe.result (git-fixes).\n- nvmet: do not return \u0027reserved\u0027 for empty TSAS values (git-fixes).\n- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).\n- nvmet: make \u0027tsas\u0027 attribute idempotent for RDMA (git-fixes).\n- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).\n- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).\n- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).\n- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).\n- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).\n- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).\n- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).\n- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).\n- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).\n- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).\n- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).\n- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).\n- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).\n- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).\n- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).\n- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).\n- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).\n- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).\n- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).\n- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).\n- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).\n- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).\n- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).\n- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).\n- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).\n- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).\n- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).\n- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).\n- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).\n- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).\n- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).\n- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).\n- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).\n- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).\n- powerpc/xmon: Check cpu id in commands \"c#\", \"dp#\" and \"dx#\" (bsc#1194869).\n- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).\n- powerpc: xor_vmx: Add \u0027-mhard-float\u0027 to CFLAGS (bsc#1194869).\n- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).\n- reiserfs: fix uninit-value in comp_keys (git-fixes).\n- rtc: nct3018y: fix possible NULL dereference (stable-fixes).\n- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).\n- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).\n- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).\n- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).\n- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).\n- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).\n- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).\n- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).\n- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).\n- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).\n- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).\n- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).\n- sbitmap: use READ_ONCE to access map-\u003eword (stable-fixes).\n- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).\n- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).\n- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).\n- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).\n- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).\n- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).\n- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).\n- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).\n- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).\n- scsi: qla2xxx: Complete command early within lock (bsc#1228850).\n- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).\n- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).\n- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).\n- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).\n- scsi: qla2xxx: Fix flash read failure (bsc#1228850).\n- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).\n- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).\n- scsi: qla2xxx: Indent help text (bsc#1228850).\n- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).\n- scsi: qla2xxx: Remove unused struct \u0027scsi_dif_tuple\u0027 (bsc#1228850).\n- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).\n- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).\n- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).\n- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).\n- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).\n- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).\n- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).\n- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).\n- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).\n- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).\n- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).\n- selftests/bpf: Fix erroneous bitmask operation (git-fixes).\n- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).\n- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).\n- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).\n- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).\n- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).\n- selftests/bpf: Make linked_list failure test more robust (git-fixes).\n- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).\n- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).\n- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes).\n- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).\n- selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes).\n- selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes).\n- selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes).\n- serial: core: check uartclk for zero to avoid divide by zero (stable-fixes).\n- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).\n- soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes).\n- soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes).\n- spi: Add empty versions of ACPI functions (stable-fixes).\n- spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes).\n- spi: microchip-core: switch to use modern name (stable-fixes).\n- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).\n- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).\n- squashfs: squashfs_read_data need to check if the length is 0 (git-fixes).\n- ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes).\n- staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes).\n- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).\n- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).\n- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).\n- swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes).\n- swiotlb: fix swiotlb_bounce() to do partial sync\u0027s correctly (git-fixes).\n- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).\n- thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes).\n- thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes).\n- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).\n- tools/perf: Fix perf bench epoll to enable the run when some CPU\u0027s are offline (bsc#1227747).\n- tools/perf: Fix perf bench futex to enable the run when some CPU\u0027s are offline (bsc#1227747).\n- tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747).\n- tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes).\n- tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes).\n- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes).\n- tools/resolve_btfids: fix build with musl libc (git-fixes).\n- trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes).\n- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).\n- tty: atmel_serial: use the correct RTS flag (git-fixes).\n- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes).\n- usb: cdnsp: fix for Link TRB with TC (git-fixes).\n- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes).\n- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes).\n- usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes).\n- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).\n- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).\n- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).\n- usb: gadget: core: Check for unset descriptor (git-fixes).\n- usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes).\n- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes).\n- usb: gadget: u_serial: Set start_delayed during suspend (git-fixes).\n- usb: gadget: uvc: cleanup request when not in correct state (stable-fixes).\n- usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes).\n- usb: typec: fsa4480: Check if the chip is really there (git-fixes).\n- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).\n- usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes).\n- usb: typec: fsa4480: rework mux \u0026 switch setup to handle more states (git-fixes).\n- usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes).\n- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).\n- vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes).\n- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).\n- vhost/vsock: always initialize seqpacket_allow (git-fixes).\n- vhost: Release worker mutex during flushes (git-fixes).\n- vhost: Use virtqueue mutex for swapping worker (git-fixes).\n- virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes).\n- virtio-crypto: handle config changed by work queue (git-fixes).\n- virtio: reenable config if freezing device failed (git-fixes).\n- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).\n- virtiofs: forbid newlines in tags (bsc#1229940).\n- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes).\n- wifi: ath12k: fix soft lockup on suspend (git-fixes).\n- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes).\n- wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes).\n- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).\n- wifi: mac80211: use monitor sdata with driver only if desired (git-fixes).\n- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).\n- wifi: nl80211: disallow setting special AP channel widths (stable-fixes).\n- wifi: nl80211: do not give key data to userspace (stable-fixes).\n- wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes).\n- wifi: wfx: repair open network AP mode (git-fixes).\n- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).\n- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).\n- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).\n- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).\n- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).\n- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).\n- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).\n- x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes).\n- x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes).\n- x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes).\n- x86/numa: Introduce numa_fill_memblks() (git-fixes).\n- x86/pci: Skip early E820 check for ECAM region (git-fixes).\n- x86/xen: Convert comma to semicolon (git-fixes).\n- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).\n- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).\n- xfs: allow cross-linking special files without project quota (git-fixes).\n- xfs: allow symlinks with short remote targets (bsc#1229160).\n- xfs: allow unlinked symlinks and dirs with zero size (git-fixes).\n- xfs: attr forks require attr, not attr2 (git-fixes).\n- xfs: convert comma to semicolon (git-fixes).\n- xfs: do not use current-\u003ejournal_info (git-fixes).\n- xfs: fix unlink vs cluster buffer instantiation race (git-fixes).\n- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes).\n- xfs: journal geometry is not properly bounds checked (git-fixes).\n- xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes).\n- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes).\n- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes).\n- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).\n- xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes).\n- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).\n- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-61",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20044-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20044-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520044-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20044-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021334.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1193454",
"url": "https://bugzilla.suse.com/1193454"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1205462",
"url": "https://bugzilla.suse.com/1205462"
},
{
"category": "self",
"summary": "SUSE Bug 1208783",
"url": "https://bugzilla.suse.com/1208783"
},
{
"category": "self",
"summary": "SUSE Bug 1213123",
"url": "https://bugzilla.suse.com/1213123"
},
{
"category": "self",
"summary": "SUSE Bug 1214285",
"url": "https://bugzilla.suse.com/1214285"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1220066",
"url": "https://bugzilla.suse.com/1220066"
},
{
"category": "self",
"summary": "SUSE Bug 1220252",
"url": "https://bugzilla.suse.com/1220252"
},
{
"category": "self",
"summary": "SUSE Bug 1220877",
"url": "https://bugzilla.suse.com/1220877"
},
{
"category": "self",
"summary": "SUSE Bug 1221326",
"url": "https://bugzilla.suse.com/1221326"
},
{
"category": "self",
"summary": "SUSE Bug 1221630",
"url": "https://bugzilla.suse.com/1221630"
},
{
"category": "self",
"summary": "SUSE Bug 1221645",
"url": "https://bugzilla.suse.com/1221645"
},
{
"category": "self",
"summary": "SUSE Bug 1221652",
"url": "https://bugzilla.suse.com/1221652"
},
{
"category": "self",
"summary": "SUSE Bug 1221857",
"url": "https://bugzilla.suse.com/1221857"
},
{
"category": "self",
"summary": "SUSE Bug 1222254",
"url": "https://bugzilla.suse.com/1222254"
},
{
"category": "self",
"summary": "SUSE Bug 1222335",
"url": "https://bugzilla.suse.com/1222335"
},
{
"category": "self",
"summary": "SUSE Bug 1222350",
"url": "https://bugzilla.suse.com/1222350"
},
{
"category": "self",
"summary": "SUSE Bug 1222364",
"url": "https://bugzilla.suse.com/1222364"
},
{
"category": "self",
"summary": "SUSE Bug 1222372",
"url": "https://bugzilla.suse.com/1222372"
},
{
"category": "self",
"summary": "SUSE Bug 1222387",
"url": "https://bugzilla.suse.com/1222387"
},
{
"category": "self",
"summary": "SUSE Bug 1222433",
"url": "https://bugzilla.suse.com/1222433"
},
{
"category": "self",
"summary": "SUSE Bug 1222434",
"url": "https://bugzilla.suse.com/1222434"
},
{
"category": "self",
"summary": "SUSE Bug 1222625",
"url": "https://bugzilla.suse.com/1222625"
},
{
"category": "self",
"summary": "SUSE Bug 1222633",
"url": "https://bugzilla.suse.com/1222633"
},
{
"category": "self",
"summary": "SUSE Bug 1222634",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "self",
"summary": "SUSE Bug 1222808",
"url": "https://bugzilla.suse.com/1222808"
},
{
"category": "self",
"summary": "SUSE Bug 1222967",
"url": "https://bugzilla.suse.com/1222967"
},
{
"category": "self",
"summary": "SUSE Bug 1222973",
"url": "https://bugzilla.suse.com/1222973"
},
{
"category": "self",
"summary": "SUSE Bug 1223053",
"url": "https://bugzilla.suse.com/1223053"
},
{
"category": "self",
"summary": "SUSE Bug 1223074",
"url": "https://bugzilla.suse.com/1223074"
},
{
"category": "self",
"summary": "SUSE Bug 1223191",
"url": "https://bugzilla.suse.com/1223191"
},
{
"category": "self",
"summary": "SUSE Bug 1223395",
"url": "https://bugzilla.suse.com/1223395"
},
{
"category": "self",
"summary": "SUSE Bug 1223635",
"url": "https://bugzilla.suse.com/1223635"
},
{
"category": "self",
"summary": "SUSE Bug 1223720",
"url": "https://bugzilla.suse.com/1223720"
},
{
"category": "self",
"summary": "SUSE Bug 1223731",
"url": "https://bugzilla.suse.com/1223731"
},
{
"category": "self",
"summary": "SUSE Bug 1223742",
"url": "https://bugzilla.suse.com/1223742"
},
{
"category": "self",
"summary": "SUSE Bug 1223763",
"url": "https://bugzilla.suse.com/1223763"
},
{
"category": "self",
"summary": "SUSE Bug 1223767",
"url": "https://bugzilla.suse.com/1223767"
},
{
"category": "self",
"summary": "SUSE Bug 1223777",
"url": "https://bugzilla.suse.com/1223777"
},
{
"category": "self",
"summary": "SUSE Bug 1223803",
"url": "https://bugzilla.suse.com/1223803"
},
{
"category": "self",
"summary": "SUSE Bug 1224105",
"url": "https://bugzilla.suse.com/1224105"
},
{
"category": "self",
"summary": "SUSE Bug 1224415",
"url": "https://bugzilla.suse.com/1224415"
},
{
"category": "self",
"summary": "SUSE Bug 1224485",
"url": "https://bugzilla.suse.com/1224485"
},
{
"category": "self",
"summary": "SUSE Bug 1224496",
"url": "https://bugzilla.suse.com/1224496"
},
{
"category": "self",
"summary": "SUSE Bug 1224510",
"url": "https://bugzilla.suse.com/1224510"
},
{
"category": "self",
"summary": "SUSE Bug 1224535",
"url": "https://bugzilla.suse.com/1224535"
},
{
"category": "self",
"summary": "SUSE Bug 1224631",
"url": "https://bugzilla.suse.com/1224631"
},
{
"category": "self",
"summary": "SUSE Bug 1224636",
"url": "https://bugzilla.suse.com/1224636"
},
{
"category": "self",
"summary": "SUSE Bug 1224690",
"url": "https://bugzilla.suse.com/1224690"
},
{
"category": "self",
"summary": "SUSE Bug 1224694",
"url": "https://bugzilla.suse.com/1224694"
},
{
"category": "self",
"summary": "SUSE Bug 1224700",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "self",
"summary": "SUSE Bug 1224711",
"url": "https://bugzilla.suse.com/1224711"
},
{
"category": "self",
"summary": "SUSE Bug 1225475",
"url": "https://bugzilla.suse.com/1225475"
},
{
"category": "self",
"summary": "SUSE Bug 1225582",
"url": "https://bugzilla.suse.com/1225582"
},
{
"category": "self",
"summary": "SUSE Bug 1225607",
"url": "https://bugzilla.suse.com/1225607"
},
{
"category": "self",
"summary": "SUSE Bug 1225718",
"url": "https://bugzilla.suse.com/1225718"
},
{
"category": "self",
"summary": "SUSE Bug 1225751",
"url": "https://bugzilla.suse.com/1225751"
},
{
"category": "self",
"summary": "SUSE Bug 1225814",
"url": "https://bugzilla.suse.com/1225814"
},
{
"category": "self",
"summary": "SUSE Bug 1225832",
"url": "https://bugzilla.suse.com/1225832"
},
{
"category": "self",
"summary": "SUSE Bug 1225838",
"url": "https://bugzilla.suse.com/1225838"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1226031",
"url": "https://bugzilla.suse.com/1226031"
},
{
"category": "self",
"summary": "SUSE Bug 1226127",
"url": "https://bugzilla.suse.com/1226127"
},
{
"category": "self",
"summary": "SUSE Bug 1226502",
"url": "https://bugzilla.suse.com/1226502"
},
{
"category": "self",
"summary": "SUSE Bug 1226530",
"url": "https://bugzilla.suse.com/1226530"
},
{
"category": "self",
"summary": "SUSE Bug 1226588",
"url": "https://bugzilla.suse.com/1226588"
},
{
"category": "self",
"summary": "SUSE Bug 1226604",
"url": "https://bugzilla.suse.com/1226604"
},
{
"category": "self",
"summary": "SUSE Bug 1226743",
"url": "https://bugzilla.suse.com/1226743"
},
{
"category": "self",
"summary": "SUSE Bug 1226751",
"url": "https://bugzilla.suse.com/1226751"
},
{
"category": "self",
"summary": "SUSE Bug 1226765",
"url": "https://bugzilla.suse.com/1226765"
},
{
"category": "self",
"summary": "SUSE Bug 1226798",
"url": "https://bugzilla.suse.com/1226798"
},
{
"category": "self",
"summary": "SUSE Bug 1226801",
"url": "https://bugzilla.suse.com/1226801"
},
{
"category": "self",
"summary": "SUSE Bug 1226834",
"url": "https://bugzilla.suse.com/1226834"
},
{
"category": "self",
"summary": "SUSE Bug 1226874",
"url": "https://bugzilla.suse.com/1226874"
},
{
"category": "self",
"summary": "SUSE Bug 1226885",
"url": "https://bugzilla.suse.com/1226885"
},
{
"category": "self",
"summary": "SUSE Bug 1226920",
"url": "https://bugzilla.suse.com/1226920"
},
{
"category": "self",
"summary": "SUSE Bug 1227149",
"url": "https://bugzilla.suse.com/1227149"
},
{
"category": "self",
"summary": "SUSE Bug 1227182",
"url": "https://bugzilla.suse.com/1227182"
},
{
"category": "self",
"summary": "SUSE Bug 1227383",
"url": "https://bugzilla.suse.com/1227383"
},
{
"category": "self",
"summary": "SUSE Bug 1227437",
"url": "https://bugzilla.suse.com/1227437"
},
{
"category": "self",
"summary": "SUSE Bug 1227492",
"url": "https://bugzilla.suse.com/1227492"
},
{
"category": "self",
"summary": "SUSE Bug 1227493",
"url": "https://bugzilla.suse.com/1227493"
},
{
"category": "self",
"summary": "SUSE Bug 1227494",
"url": "https://bugzilla.suse.com/1227494"
},
{
"category": "self",
"summary": "SUSE Bug 1227618",
"url": "https://bugzilla.suse.com/1227618"
},
{
"category": "self",
"summary": "SUSE Bug 1227620",
"url": "https://bugzilla.suse.com/1227620"
},
{
"category": "self",
"summary": "SUSE Bug 1227623",
"url": "https://bugzilla.suse.com/1227623"
},
{
"category": "self",
"summary": "SUSE Bug 1227627",
"url": "https://bugzilla.suse.com/1227627"
},
{
"category": "self",
"summary": "SUSE Bug 1227634",
"url": "https://bugzilla.suse.com/1227634"
},
{
"category": "self",
"summary": "SUSE Bug 1227706",
"url": "https://bugzilla.suse.com/1227706"
},
{
"category": "self",
"summary": "SUSE Bug 1227722",
"url": "https://bugzilla.suse.com/1227722"
},
{
"category": "self",
"summary": "SUSE Bug 1227724",
"url": "https://bugzilla.suse.com/1227724"
},
{
"category": "self",
"summary": "SUSE Bug 1227725",
"url": "https://bugzilla.suse.com/1227725"
},
{
"category": "self",
"summary": "SUSE Bug 1227728",
"url": "https://bugzilla.suse.com/1227728"
},
{
"category": "self",
"summary": "SUSE Bug 1227729",
"url": "https://bugzilla.suse.com/1227729"
},
{
"category": "self",
"summary": "SUSE Bug 1227732",
"url": "https://bugzilla.suse.com/1227732"
},
{
"category": "self",
"summary": "SUSE Bug 1227733",
"url": "https://bugzilla.suse.com/1227733"
},
{
"category": "self",
"summary": "SUSE Bug 1227734",
"url": "https://bugzilla.suse.com/1227734"
},
{
"category": "self",
"summary": "SUSE Bug 1227747",
"url": "https://bugzilla.suse.com/1227747"
},
{
"category": "self",
"summary": "SUSE Bug 1227750",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "self",
"summary": "SUSE Bug 1227754",
"url": "https://bugzilla.suse.com/1227754"
},
{
"category": "self",
"summary": "SUSE Bug 1227758",
"url": "https://bugzilla.suse.com/1227758"
},
{
"category": "self",
"summary": "SUSE Bug 1227760",
"url": "https://bugzilla.suse.com/1227760"
},
{
"category": "self",
"summary": "SUSE Bug 1227761",
"url": "https://bugzilla.suse.com/1227761"
},
{
"category": "self",
"summary": "SUSE Bug 1227764",
"url": "https://bugzilla.suse.com/1227764"
},
{
"category": "self",
"summary": "SUSE Bug 1227766",
"url": "https://bugzilla.suse.com/1227766"
},
{
"category": "self",
"summary": "SUSE Bug 1227770",
"url": "https://bugzilla.suse.com/1227770"
},
{
"category": "self",
"summary": "SUSE Bug 1227771",
"url": "https://bugzilla.suse.com/1227771"
},
{
"category": "self",
"summary": "SUSE Bug 1227772",
"url": "https://bugzilla.suse.com/1227772"
},
{
"category": "self",
"summary": "SUSE Bug 1227774",
"url": "https://bugzilla.suse.com/1227774"
},
{
"category": "self",
"summary": "SUSE Bug 1227781",
"url": "https://bugzilla.suse.com/1227781"
},
{
"category": "self",
"summary": "SUSE Bug 1227784",
"url": "https://bugzilla.suse.com/1227784"
},
{
"category": "self",
"summary": "SUSE Bug 1227785",
"url": "https://bugzilla.suse.com/1227785"
},
{
"category": "self",
"summary": "SUSE Bug 1227787",
"url": "https://bugzilla.suse.com/1227787"
},
{
"category": "self",
"summary": "SUSE Bug 1227790",
"url": "https://bugzilla.suse.com/1227790"
},
{
"category": "self",
"summary": "SUSE Bug 1227791",
"url": "https://bugzilla.suse.com/1227791"
},
{
"category": "self",
"summary": "SUSE Bug 1227792",
"url": "https://bugzilla.suse.com/1227792"
},
{
"category": "self",
"summary": "SUSE Bug 1227796",
"url": "https://bugzilla.suse.com/1227796"
},
{
"category": "self",
"summary": "SUSE Bug 1227798",
"url": "https://bugzilla.suse.com/1227798"
},
{
"category": "self",
"summary": "SUSE Bug 1227799",
"url": "https://bugzilla.suse.com/1227799"
},
{
"category": "self",
"summary": "SUSE Bug 1227802",
"url": "https://bugzilla.suse.com/1227802"
},
{
"category": "self",
"summary": "SUSE Bug 1227808",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "self",
"summary": "SUSE Bug 1227810",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "self",
"summary": "SUSE Bug 1227811",
"url": "https://bugzilla.suse.com/1227811"
},
{
"category": "self",
"summary": "SUSE Bug 1227812",
"url": "https://bugzilla.suse.com/1227812"
},
{
"category": "self",
"summary": "SUSE Bug 1227815",
"url": "https://bugzilla.suse.com/1227815"
},
{
"category": "self",
"summary": "SUSE Bug 1227816",
"url": "https://bugzilla.suse.com/1227816"
},
{
"category": "self",
"summary": "SUSE Bug 1227818",
"url": "https://bugzilla.suse.com/1227818"
},
{
"category": "self",
"summary": "SUSE Bug 1227820",
"url": "https://bugzilla.suse.com/1227820"
},
{
"category": "self",
"summary": "SUSE Bug 1227823",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "self",
"summary": "SUSE Bug 1227824",
"url": "https://bugzilla.suse.com/1227824"
},
{
"category": "self",
"summary": "SUSE Bug 1227826",
"url": "https://bugzilla.suse.com/1227826"
},
{
"category": "self",
"summary": "SUSE Bug 1227828",
"url": "https://bugzilla.suse.com/1227828"
},
{
"category": "self",
"summary": "SUSE Bug 1227829",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "self",
"summary": "SUSE Bug 1227830",
"url": "https://bugzilla.suse.com/1227830"
},
{
"category": "self",
"summary": "SUSE Bug 1227832",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "self",
"summary": "SUSE Bug 1227833",
"url": "https://bugzilla.suse.com/1227833"
},
{
"category": "self",
"summary": "SUSE Bug 1227834",
"url": "https://bugzilla.suse.com/1227834"
},
{
"category": "self",
"summary": "SUSE Bug 1227839",
"url": "https://bugzilla.suse.com/1227839"
},
{
"category": "self",
"summary": "SUSE Bug 1227840",
"url": "https://bugzilla.suse.com/1227840"
},
{
"category": "self",
"summary": "SUSE Bug 1227846",
"url": "https://bugzilla.suse.com/1227846"
},
{
"category": "self",
"summary": "SUSE Bug 1227849",
"url": "https://bugzilla.suse.com/1227849"
},
{
"category": "self",
"summary": "SUSE Bug 1227851",
"url": "https://bugzilla.suse.com/1227851"
},
{
"category": "self",
"summary": "SUSE Bug 1227853",
"url": "https://bugzilla.suse.com/1227853"
},
{
"category": "self",
"summary": "SUSE Bug 1227863",
"url": "https://bugzilla.suse.com/1227863"
},
{
"category": "self",
"summary": "SUSE Bug 1227864",
"url": "https://bugzilla.suse.com/1227864"
},
{
"category": "self",
"summary": "SUSE Bug 1227865",
"url": "https://bugzilla.suse.com/1227865"
},
{
"category": "self",
"summary": "SUSE Bug 1227867",
"url": "https://bugzilla.suse.com/1227867"
},
{
"category": "self",
"summary": "SUSE Bug 1227869",
"url": "https://bugzilla.suse.com/1227869"
},
{
"category": "self",
"summary": "SUSE Bug 1227870",
"url": "https://bugzilla.suse.com/1227870"
},
{
"category": "self",
"summary": "SUSE Bug 1227883",
"url": "https://bugzilla.suse.com/1227883"
},
{
"category": "self",
"summary": "SUSE Bug 1227884",
"url": "https://bugzilla.suse.com/1227884"
},
{
"category": "self",
"summary": "SUSE Bug 1227891",
"url": "https://bugzilla.suse.com/1227891"
},
{
"category": "self",
"summary": "SUSE Bug 1227893",
"url": "https://bugzilla.suse.com/1227893"
},
{
"category": "self",
"summary": "SUSE Bug 1227929",
"url": "https://bugzilla.suse.com/1227929"
},
{
"category": "self",
"summary": "SUSE Bug 1227950",
"url": "https://bugzilla.suse.com/1227950"
},
{
"category": "self",
"summary": "SUSE Bug 1227957",
"url": "https://bugzilla.suse.com/1227957"
},
{
"category": "self",
"summary": "SUSE Bug 1227981",
"url": "https://bugzilla.suse.com/1227981"
},
{
"category": "self",
"summary": "SUSE Bug 1228020",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "self",
"summary": "SUSE Bug 1228021",
"url": "https://bugzilla.suse.com/1228021"
},
{
"category": "self",
"summary": "SUSE Bug 1228192",
"url": "https://bugzilla.suse.com/1228192"
},
{
"category": "self",
"summary": "SUSE Bug 1228235",
"url": "https://bugzilla.suse.com/1228235"
},
{
"category": "self",
"summary": "SUSE Bug 1228236",
"url": "https://bugzilla.suse.com/1228236"
},
{
"category": "self",
"summary": "SUSE Bug 1228247",
"url": "https://bugzilla.suse.com/1228247"
},
{
"category": "self",
"summary": "SUSE Bug 1228321",
"url": "https://bugzilla.suse.com/1228321"
},
{
"category": "self",
"summary": "SUSE Bug 1228409",
"url": "https://bugzilla.suse.com/1228409"
},
{
"category": "self",
"summary": "SUSE Bug 1228410",
"url": "https://bugzilla.suse.com/1228410"
},
{
"category": "self",
"summary": "SUSE Bug 1228426",
"url": "https://bugzilla.suse.com/1228426"
},
{
"category": "self",
"summary": "SUSE Bug 1228427",
"url": "https://bugzilla.suse.com/1228427"
},
{
"category": "self",
"summary": "SUSE Bug 1228429",
"url": "https://bugzilla.suse.com/1228429"
},
{
"category": "self",
"summary": "SUSE Bug 1228446",
"url": "https://bugzilla.suse.com/1228446"
},
{
"category": "self",
"summary": "SUSE Bug 1228447",
"url": "https://bugzilla.suse.com/1228447"
},
{
"category": "self",
"summary": "SUSE Bug 1228449",
"url": "https://bugzilla.suse.com/1228449"
},
{
"category": "self",
"summary": "SUSE Bug 1228450",
"url": "https://bugzilla.suse.com/1228450"
},
{
"category": "self",
"summary": "SUSE Bug 1228452",
"url": "https://bugzilla.suse.com/1228452"
},
{
"category": "self",
"summary": "SUSE Bug 1228456",
"url": "https://bugzilla.suse.com/1228456"
},
{
"category": "self",
"summary": "SUSE Bug 1228457",
"url": "https://bugzilla.suse.com/1228457"
},
{
"category": "self",
"summary": "SUSE Bug 1228458",
"url": "https://bugzilla.suse.com/1228458"
},
{
"category": "self",
"summary": "SUSE Bug 1228459",
"url": "https://bugzilla.suse.com/1228459"
},
{
"category": "self",
"summary": "SUSE Bug 1228460",
"url": "https://bugzilla.suse.com/1228460"
},
{
"category": "self",
"summary": "SUSE Bug 1228462",
"url": "https://bugzilla.suse.com/1228462"
},
{
"category": "self",
"summary": "SUSE Bug 1228463",
"url": "https://bugzilla.suse.com/1228463"
},
{
"category": "self",
"summary": "SUSE Bug 1228466",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "self",
"summary": "SUSE Bug 1228467",
"url": "https://bugzilla.suse.com/1228467"
},
{
"category": "self",
"summary": "SUSE Bug 1228468",
"url": "https://bugzilla.suse.com/1228468"
},
{
"category": "self",
"summary": "SUSE Bug 1228469",
"url": "https://bugzilla.suse.com/1228469"
},
{
"category": "self",
"summary": "SUSE Bug 1228470",
"url": "https://bugzilla.suse.com/1228470"
},
{
"category": "self",
"summary": "SUSE Bug 1228472",
"url": "https://bugzilla.suse.com/1228472"
},
{
"category": "self",
"summary": "SUSE Bug 1228479",
"url": "https://bugzilla.suse.com/1228479"
},
{
"category": "self",
"summary": "SUSE Bug 1228480",
"url": "https://bugzilla.suse.com/1228480"
},
{
"category": "self",
"summary": "SUSE Bug 1228481",
"url": "https://bugzilla.suse.com/1228481"
},
{
"category": "self",
"summary": "SUSE Bug 1228482",
"url": "https://bugzilla.suse.com/1228482"
},
{
"category": "self",
"summary": "SUSE Bug 1228483",
"url": "https://bugzilla.suse.com/1228483"
},
{
"category": "self",
"summary": "SUSE Bug 1228484",
"url": "https://bugzilla.suse.com/1228484"
},
{
"category": "self",
"summary": "SUSE Bug 1228485",
"url": "https://bugzilla.suse.com/1228485"
},
{
"category": "self",
"summary": "SUSE Bug 1228486",
"url": "https://bugzilla.suse.com/1228486"
},
{
"category": "self",
"summary": "SUSE Bug 1228487",
"url": "https://bugzilla.suse.com/1228487"
},
{
"category": "self",
"summary": "SUSE Bug 1228489",
"url": "https://bugzilla.suse.com/1228489"
},
{
"category": "self",
"summary": "SUSE Bug 1228491",
"url": "https://bugzilla.suse.com/1228491"
},
{
"category": "self",
"summary": "SUSE Bug 1228492",
"url": "https://bugzilla.suse.com/1228492"
},
{
"category": "self",
"summary": "SUSE Bug 1228493",
"url": "https://bugzilla.suse.com/1228493"
},
{
"category": "self",
"summary": "SUSE Bug 1228494",
"url": "https://bugzilla.suse.com/1228494"
},
{
"category": "self",
"summary": "SUSE Bug 1228495",
"url": "https://bugzilla.suse.com/1228495"
},
{
"category": "self",
"summary": "SUSE Bug 1228496",
"url": "https://bugzilla.suse.com/1228496"
},
{
"category": "self",
"summary": "SUSE Bug 1228499",
"url": "https://bugzilla.suse.com/1228499"
},
{
"category": "self",
"summary": "SUSE Bug 1228500",
"url": "https://bugzilla.suse.com/1228500"
},
{
"category": "self",
"summary": "SUSE Bug 1228501",
"url": "https://bugzilla.suse.com/1228501"
},
{
"category": "self",
"summary": "SUSE Bug 1228502",
"url": "https://bugzilla.suse.com/1228502"
},
{
"category": "self",
"summary": "SUSE Bug 1228503",
"url": "https://bugzilla.suse.com/1228503"
},
{
"category": "self",
"summary": "SUSE Bug 1228505",
"url": "https://bugzilla.suse.com/1228505"
},
{
"category": "self",
"summary": "SUSE Bug 1228508",
"url": "https://bugzilla.suse.com/1228508"
},
{
"category": "self",
"summary": "SUSE Bug 1228509",
"url": "https://bugzilla.suse.com/1228509"
},
{
"category": "self",
"summary": "SUSE Bug 1228510",
"url": "https://bugzilla.suse.com/1228510"
},
{
"category": "self",
"summary": "SUSE Bug 1228511",
"url": "https://bugzilla.suse.com/1228511"
},
{
"category": "self",
"summary": "SUSE Bug 1228513",
"url": "https://bugzilla.suse.com/1228513"
},
{
"category": "self",
"summary": "SUSE Bug 1228515",
"url": "https://bugzilla.suse.com/1228515"
},
{
"category": "self",
"summary": "SUSE Bug 1228516",
"url": "https://bugzilla.suse.com/1228516"
},
{
"category": "self",
"summary": "SUSE Bug 1228518",
"url": "https://bugzilla.suse.com/1228518"
},
{
"category": "self",
"summary": "SUSE Bug 1228520",
"url": "https://bugzilla.suse.com/1228520"
},
{
"category": "self",
"summary": "SUSE Bug 1228525",
"url": "https://bugzilla.suse.com/1228525"
},
{
"category": "self",
"summary": "SUSE Bug 1228527",
"url": "https://bugzilla.suse.com/1228527"
},
{
"category": "self",
"summary": "SUSE Bug 1228530",
"url": "https://bugzilla.suse.com/1228530"
},
{
"category": "self",
"summary": "SUSE Bug 1228531",
"url": "https://bugzilla.suse.com/1228531"
},
{
"category": "self",
"summary": "SUSE Bug 1228539",
"url": "https://bugzilla.suse.com/1228539"
},
{
"category": "self",
"summary": "SUSE Bug 1228561",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "self",
"summary": "SUSE Bug 1228563",
"url": "https://bugzilla.suse.com/1228563"
},
{
"category": "self",
"summary": "SUSE Bug 1228564",
"url": "https://bugzilla.suse.com/1228564"
},
{
"category": "self",
"summary": "SUSE Bug 1228565",
"url": "https://bugzilla.suse.com/1228565"
},
{
"category": "self",
"summary": "SUSE Bug 1228567",
"url": "https://bugzilla.suse.com/1228567"
},
{
"category": "self",
"summary": "SUSE Bug 1228568",
"url": "https://bugzilla.suse.com/1228568"
},
{
"category": "self",
"summary": "SUSE Bug 1228572",
"url": "https://bugzilla.suse.com/1228572"
},
{
"category": "self",
"summary": "SUSE Bug 1228576",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "self",
"summary": "SUSE Bug 1228579",
"url": "https://bugzilla.suse.com/1228579"
},
{
"category": "self",
"summary": "SUSE Bug 1228580",
"url": "https://bugzilla.suse.com/1228580"
},
{
"category": "self",
"summary": "SUSE Bug 1228581",
"url": "https://bugzilla.suse.com/1228581"
},
{
"category": "self",
"summary": "SUSE Bug 1228582",
"url": "https://bugzilla.suse.com/1228582"
},
{
"category": "self",
"summary": "SUSE Bug 1228584",
"url": "https://bugzilla.suse.com/1228584"
},
{
"category": "self",
"summary": "SUSE Bug 1228586",
"url": "https://bugzilla.suse.com/1228586"
},
{
"category": "self",
"summary": "SUSE Bug 1228588",
"url": "https://bugzilla.suse.com/1228588"
},
{
"category": "self",
"summary": "SUSE Bug 1228590",
"url": "https://bugzilla.suse.com/1228590"
},
{
"category": "self",
"summary": "SUSE Bug 1228591",
"url": "https://bugzilla.suse.com/1228591"
},
{
"category": "self",
"summary": "SUSE Bug 1228599",
"url": "https://bugzilla.suse.com/1228599"
},
{
"category": "self",
"summary": "SUSE Bug 1228615",
"url": "https://bugzilla.suse.com/1228615"
},
{
"category": "self",
"summary": "SUSE Bug 1228616",
"url": "https://bugzilla.suse.com/1228616"
},
{
"category": "self",
"summary": "SUSE Bug 1228617",
"url": "https://bugzilla.suse.com/1228617"
},
{
"category": "self",
"summary": "SUSE Bug 1228625",
"url": "https://bugzilla.suse.com/1228625"
},
{
"category": "self",
"summary": "SUSE Bug 1228626",
"url": "https://bugzilla.suse.com/1228626"
},
{
"category": "self",
"summary": "SUSE Bug 1228633",
"url": "https://bugzilla.suse.com/1228633"
},
{
"category": "self",
"summary": "SUSE Bug 1228635",
"url": "https://bugzilla.suse.com/1228635"
},
{
"category": "self",
"summary": "SUSE Bug 1228636",
"url": "https://bugzilla.suse.com/1228636"
},
{
"category": "self",
"summary": "SUSE Bug 1228640",
"url": "https://bugzilla.suse.com/1228640"
},
{
"category": "self",
"summary": "SUSE Bug 1228643",
"url": "https://bugzilla.suse.com/1228643"
},
{
"category": "self",
"summary": "SUSE Bug 1228644",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "self",
"summary": "SUSE Bug 1228646",
"url": "https://bugzilla.suse.com/1228646"
},
{
"category": "self",
"summary": "SUSE Bug 1228649",
"url": "https://bugzilla.suse.com/1228649"
},
{
"category": "self",
"summary": "SUSE Bug 1228650",
"url": "https://bugzilla.suse.com/1228650"
},
{
"category": "self",
"summary": "SUSE Bug 1228654",
"url": "https://bugzilla.suse.com/1228654"
},
{
"category": "self",
"summary": "SUSE Bug 1228655",
"url": "https://bugzilla.suse.com/1228655"
},
{
"category": "self",
"summary": "SUSE Bug 1228656",
"url": "https://bugzilla.suse.com/1228656"
},
{
"category": "self",
"summary": "SUSE Bug 1228658",
"url": "https://bugzilla.suse.com/1228658"
},
{
"category": "self",
"summary": "SUSE Bug 1228660",
"url": "https://bugzilla.suse.com/1228660"
},
{
"category": "self",
"summary": "SUSE Bug 1228662",
"url": "https://bugzilla.suse.com/1228662"
},
{
"category": "self",
"summary": "SUSE Bug 1228665",
"url": "https://bugzilla.suse.com/1228665"
},
{
"category": "self",
"summary": "SUSE Bug 1228666",
"url": "https://bugzilla.suse.com/1228666"
},
{
"category": "self",
"summary": "SUSE Bug 1228667",
"url": "https://bugzilla.suse.com/1228667"
},
{
"category": "self",
"summary": "SUSE Bug 1228672",
"url": "https://bugzilla.suse.com/1228672"
},
{
"category": "self",
"summary": "SUSE Bug 1228673",
"url": "https://bugzilla.suse.com/1228673"
},
{
"category": "self",
"summary": "SUSE Bug 1228674",
"url": "https://bugzilla.suse.com/1228674"
},
{
"category": "self",
"summary": "SUSE Bug 1228677",
"url": "https://bugzilla.suse.com/1228677"
},
{
"category": "self",
"summary": "SUSE Bug 1228680",
"url": "https://bugzilla.suse.com/1228680"
},
{
"category": "self",
"summary": "SUSE Bug 1228687",
"url": "https://bugzilla.suse.com/1228687"
},
{
"category": "self",
"summary": "SUSE Bug 1228705",
"url": "https://bugzilla.suse.com/1228705"
},
{
"category": "self",
"summary": "SUSE Bug 1228706",
"url": "https://bugzilla.suse.com/1228706"
},
{
"category": "self",
"summary": "SUSE Bug 1228707",
"url": "https://bugzilla.suse.com/1228707"
},
{
"category": "self",
"summary": "SUSE Bug 1228708",
"url": "https://bugzilla.suse.com/1228708"
},
{
"category": "self",
"summary": "SUSE Bug 1228709",
"url": "https://bugzilla.suse.com/1228709"
},
{
"category": "self",
"summary": "SUSE Bug 1228710",
"url": "https://bugzilla.suse.com/1228710"
},
{
"category": "self",
"summary": "SUSE Bug 1228718",
"url": "https://bugzilla.suse.com/1228718"
},
{
"category": "self",
"summary": "SUSE Bug 1228720",
"url": "https://bugzilla.suse.com/1228720"
},
{
"category": "self",
"summary": "SUSE Bug 1228721",
"url": "https://bugzilla.suse.com/1228721"
},
{
"category": "self",
"summary": "SUSE Bug 1228722",
"url": "https://bugzilla.suse.com/1228722"
},
{
"category": "self",
"summary": "SUSE Bug 1228723",
"url": "https://bugzilla.suse.com/1228723"
},
{
"category": "self",
"summary": "SUSE Bug 1228724",
"url": "https://bugzilla.suse.com/1228724"
},
{
"category": "self",
"summary": "SUSE Bug 1228726",
"url": "https://bugzilla.suse.com/1228726"
},
{
"category": "self",
"summary": "SUSE Bug 1228727",
"url": "https://bugzilla.suse.com/1228727"
},
{
"category": "self",
"summary": "SUSE Bug 1228733",
"url": "https://bugzilla.suse.com/1228733"
},
{
"category": "self",
"summary": "SUSE Bug 1228737",
"url": "https://bugzilla.suse.com/1228737"
},
{
"category": "self",
"summary": "SUSE Bug 1228743",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "self",
"summary": "SUSE Bug 1228748",
"url": "https://bugzilla.suse.com/1228748"
},
{
"category": "self",
"summary": "SUSE Bug 1228754",
"url": "https://bugzilla.suse.com/1228754"
},
{
"category": "self",
"summary": "SUSE Bug 1228756",
"url": "https://bugzilla.suse.com/1228756"
},
{
"category": "self",
"summary": "SUSE Bug 1228757",
"url": "https://bugzilla.suse.com/1228757"
},
{
"category": "self",
"summary": "SUSE Bug 1228758",
"url": "https://bugzilla.suse.com/1228758"
},
{
"category": "self",
"summary": "SUSE Bug 1228764",
"url": "https://bugzilla.suse.com/1228764"
},
{
"category": "self",
"summary": "SUSE Bug 1228766",
"url": "https://bugzilla.suse.com/1228766"
},
{
"category": "self",
"summary": "SUSE Bug 1228779",
"url": "https://bugzilla.suse.com/1228779"
},
{
"category": "self",
"summary": "SUSE Bug 1228801",
"url": "https://bugzilla.suse.com/1228801"
},
{
"category": "self",
"summary": "SUSE Bug 1228849",
"url": "https://bugzilla.suse.com/1228849"
},
{
"category": "self",
"summary": "SUSE Bug 1228850",
"url": "https://bugzilla.suse.com/1228850"
},
{
"category": "self",
"summary": "SUSE Bug 1228857",
"url": "https://bugzilla.suse.com/1228857"
},
{
"category": "self",
"summary": "SUSE Bug 1228959",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "self",
"summary": "SUSE Bug 1228964",
"url": "https://bugzilla.suse.com/1228964"
},
{
"category": "self",
"summary": "SUSE Bug 1228966",
"url": "https://bugzilla.suse.com/1228966"
},
{
"category": "self",
"summary": "SUSE Bug 1228967",
"url": "https://bugzilla.suse.com/1228967"
},
{
"category": "self",
"summary": "SUSE Bug 1228971",
"url": "https://bugzilla.suse.com/1228971"
},
{
"category": "self",
"summary": "SUSE Bug 1228973",
"url": "https://bugzilla.suse.com/1228973"
},
{
"category": "self",
"summary": "SUSE Bug 1228977",
"url": "https://bugzilla.suse.com/1228977"
},
{
"category": "self",
"summary": "SUSE Bug 1228978",
"url": "https://bugzilla.suse.com/1228978"
},
{
"category": "self",
"summary": "SUSE Bug 1228979",
"url": "https://bugzilla.suse.com/1228979"
},
{
"category": "self",
"summary": "SUSE Bug 1228986",
"url": "https://bugzilla.suse.com/1228986"
},
{
"category": "self",
"summary": "SUSE Bug 1228988",
"url": "https://bugzilla.suse.com/1228988"
},
{
"category": "self",
"summary": "SUSE Bug 1228989",
"url": "https://bugzilla.suse.com/1228989"
},
{
"category": "self",
"summary": "SUSE Bug 1228991",
"url": "https://bugzilla.suse.com/1228991"
},
{
"category": "self",
"summary": "SUSE Bug 1228992",
"url": "https://bugzilla.suse.com/1228992"
},
{
"category": "self",
"summary": "SUSE Bug 1229005",
"url": "https://bugzilla.suse.com/1229005"
},
{
"category": "self",
"summary": "SUSE Bug 1229024",
"url": "https://bugzilla.suse.com/1229024"
},
{
"category": "self",
"summary": "SUSE Bug 1229042",
"url": "https://bugzilla.suse.com/1229042"
},
{
"category": "self",
"summary": "SUSE Bug 1229045",
"url": "https://bugzilla.suse.com/1229045"
},
{
"category": "self",
"summary": "SUSE Bug 1229046",
"url": "https://bugzilla.suse.com/1229046"
},
{
"category": "self",
"summary": "SUSE Bug 1229054",
"url": "https://bugzilla.suse.com/1229054"
},
{
"category": "self",
"summary": "SUSE Bug 1229056",
"url": "https://bugzilla.suse.com/1229056"
},
{
"category": "self",
"summary": "SUSE Bug 1229086",
"url": "https://bugzilla.suse.com/1229086"
},
{
"category": "self",
"summary": "SUSE Bug 1229134",
"url": "https://bugzilla.suse.com/1229134"
},
{
"category": "self",
"summary": "SUSE Bug 1229136",
"url": "https://bugzilla.suse.com/1229136"
},
{
"category": "self",
"summary": "SUSE Bug 1229154",
"url": "https://bugzilla.suse.com/1229154"
},
{
"category": "self",
"summary": "SUSE Bug 1229156",
"url": "https://bugzilla.suse.com/1229156"
},
{
"category": "self",
"summary": "SUSE Bug 1229160",
"url": "https://bugzilla.suse.com/1229160"
},
{
"category": "self",
"summary": "SUSE Bug 1229167",
"url": "https://bugzilla.suse.com/1229167"
},
{
"category": "self",
"summary": "SUSE Bug 1229168",
"url": "https://bugzilla.suse.com/1229168"
},
{
"category": "self",
"summary": "SUSE Bug 1229169",
"url": "https://bugzilla.suse.com/1229169"
},
{
"category": "self",
"summary": "SUSE Bug 1229170",
"url": "https://bugzilla.suse.com/1229170"
},
{
"category": "self",
"summary": "SUSE Bug 1229171",
"url": "https://bugzilla.suse.com/1229171"
},
{
"category": "self",
"summary": "SUSE Bug 1229172",
"url": "https://bugzilla.suse.com/1229172"
},
{
"category": "self",
"summary": "SUSE Bug 1229173",
"url": "https://bugzilla.suse.com/1229173"
},
{
"category": "self",
"summary": "SUSE Bug 1229174",
"url": "https://bugzilla.suse.com/1229174"
},
{
"category": "self",
"summary": "SUSE Bug 1229239",
"url": "https://bugzilla.suse.com/1229239"
},
{
"category": "self",
"summary": "SUSE Bug 1229240",
"url": "https://bugzilla.suse.com/1229240"
},
{
"category": "self",
"summary": "SUSE Bug 1229241",
"url": "https://bugzilla.suse.com/1229241"
},
{
"category": "self",
"summary": "SUSE Bug 1229243",
"url": "https://bugzilla.suse.com/1229243"
},
{
"category": "self",
"summary": "SUSE Bug 1229244",
"url": "https://bugzilla.suse.com/1229244"
},
{
"category": "self",
"summary": "SUSE Bug 1229245",
"url": "https://bugzilla.suse.com/1229245"
},
{
"category": "self",
"summary": "SUSE Bug 1229246",
"url": "https://bugzilla.suse.com/1229246"
},
{
"category": "self",
"summary": "SUSE Bug 1229247",
"url": "https://bugzilla.suse.com/1229247"
},
{
"category": "self",
"summary": "SUSE Bug 1229248",
"url": "https://bugzilla.suse.com/1229248"
},
{
"category": "self",
"summary": "SUSE Bug 1229249",
"url": "https://bugzilla.suse.com/1229249"
},
{
"category": "self",
"summary": "SUSE Bug 1229250",
"url": "https://bugzilla.suse.com/1229250"
},
{
"category": "self",
"summary": "SUSE Bug 1229251",
"url": "https://bugzilla.suse.com/1229251"
},
{
"category": "self",
"summary": "SUSE Bug 1229252",
"url": "https://bugzilla.suse.com/1229252"
},
{
"category": "self",
"summary": "SUSE Bug 1229253",
"url": "https://bugzilla.suse.com/1229253"
},
{
"category": "self",
"summary": "SUSE Bug 1229254",
"url": "https://bugzilla.suse.com/1229254"
},
{
"category": "self",
"summary": "SUSE Bug 1229255",
"url": "https://bugzilla.suse.com/1229255"
},
{
"category": "self",
"summary": "SUSE Bug 1229256",
"url": "https://bugzilla.suse.com/1229256"
},
{
"category": "self",
"summary": "SUSE Bug 1229287",
"url": "https://bugzilla.suse.com/1229287"
},
{
"category": "self",
"summary": "SUSE Bug 1229290",
"url": "https://bugzilla.suse.com/1229290"
},
{
"category": "self",
"summary": "SUSE Bug 1229291",
"url": "https://bugzilla.suse.com/1229291"
},
{
"category": "self",
"summary": "SUSE Bug 1229292",
"url": "https://bugzilla.suse.com/1229292"
},
{
"category": "self",
"summary": "SUSE Bug 1229294",
"url": "https://bugzilla.suse.com/1229294"
},
{
"category": "self",
"summary": "SUSE Bug 1229296",
"url": "https://bugzilla.suse.com/1229296"
},
{
"category": "self",
"summary": "SUSE Bug 1229297",
"url": "https://bugzilla.suse.com/1229297"
},
{
"category": "self",
"summary": "SUSE Bug 1229298",
"url": "https://bugzilla.suse.com/1229298"
},
{
"category": "self",
"summary": "SUSE Bug 1229299",
"url": "https://bugzilla.suse.com/1229299"
},
{
"category": "self",
"summary": "SUSE Bug 1229301",
"url": "https://bugzilla.suse.com/1229301"
},
{
"category": "self",
"summary": "SUSE Bug 1229303",
"url": "https://bugzilla.suse.com/1229303"
},
{
"category": "self",
"summary": "SUSE Bug 1229304",
"url": "https://bugzilla.suse.com/1229304"
},
{
"category": "self",
"summary": "SUSE Bug 1229305",
"url": "https://bugzilla.suse.com/1229305"
},
{
"category": "self",
"summary": "SUSE Bug 1229307",
"url": "https://bugzilla.suse.com/1229307"
},
{
"category": "self",
"summary": "SUSE Bug 1229309",
"url": "https://bugzilla.suse.com/1229309"
},
{
"category": "self",
"summary": "SUSE Bug 1229312",
"url": "https://bugzilla.suse.com/1229312"
},
{
"category": "self",
"summary": "SUSE Bug 1229313",
"url": "https://bugzilla.suse.com/1229313"
},
{
"category": "self",
"summary": "SUSE Bug 1229314",
"url": "https://bugzilla.suse.com/1229314"
},
{
"category": "self",
"summary": "SUSE Bug 1229315",
"url": "https://bugzilla.suse.com/1229315"
},
{
"category": "self",
"summary": "SUSE Bug 1229316",
"url": "https://bugzilla.suse.com/1229316"
},
{
"category": "self",
"summary": "SUSE Bug 1229317",
"url": "https://bugzilla.suse.com/1229317"
},
{
"category": "self",
"summary": "SUSE Bug 1229318",
"url": "https://bugzilla.suse.com/1229318"
},
{
"category": "self",
"summary": "SUSE Bug 1229319",
"url": "https://bugzilla.suse.com/1229319"
},
{
"category": "self",
"summary": "SUSE Bug 1229320",
"url": "https://bugzilla.suse.com/1229320"
},
{
"category": "self",
"summary": "SUSE Bug 1229327",
"url": "https://bugzilla.suse.com/1229327"
},
{
"category": "self",
"summary": "SUSE Bug 1229341",
"url": "https://bugzilla.suse.com/1229341"
},
{
"category": "self",
"summary": "SUSE Bug 1229342",
"url": "https://bugzilla.suse.com/1229342"
},
{
"category": "self",
"summary": "SUSE Bug 1229344",
"url": "https://bugzilla.suse.com/1229344"
},
{
"category": "self",
"summary": "SUSE Bug 1229345",
"url": "https://bugzilla.suse.com/1229345"
},
{
"category": "self",
"summary": "SUSE Bug 1229346",
"url": "https://bugzilla.suse.com/1229346"
},
{
"category": "self",
"summary": "SUSE Bug 1229347",
"url": "https://bugzilla.suse.com/1229347"
},
{
"category": "self",
"summary": "SUSE Bug 1229349",
"url": "https://bugzilla.suse.com/1229349"
},
{
"category": "self",
"summary": "SUSE Bug 1229350",
"url": "https://bugzilla.suse.com/1229350"
},
{
"category": "self",
"summary": "SUSE Bug 1229351",
"url": "https://bugzilla.suse.com/1229351"
},
{
"category": "self",
"summary": "SUSE Bug 1229353",
"url": "https://bugzilla.suse.com/1229353"
},
{
"category": "self",
"summary": "SUSE Bug 1229354",
"url": "https://bugzilla.suse.com/1229354"
},
{
"category": "self",
"summary": "SUSE Bug 1229355",
"url": "https://bugzilla.suse.com/1229355"
},
{
"category": "self",
"summary": "SUSE Bug 1229356",
"url": "https://bugzilla.suse.com/1229356"
},
{
"category": "self",
"summary": "SUSE Bug 1229357",
"url": "https://bugzilla.suse.com/1229357"
},
{
"category": "self",
"summary": "SUSE Bug 1229358",
"url": "https://bugzilla.suse.com/1229358"
},
{
"category": "self",
"summary": "SUSE Bug 1229359",
"url": "https://bugzilla.suse.com/1229359"
},
{
"category": "self",
"summary": "SUSE Bug 1229360",
"url": "https://bugzilla.suse.com/1229360"
},
{
"category": "self",
"summary": "SUSE Bug 1229365",
"url": "https://bugzilla.suse.com/1229365"
},
{
"category": "self",
"summary": "SUSE Bug 1229366",
"url": "https://bugzilla.suse.com/1229366"
},
{
"category": "self",
"summary": "SUSE Bug 1229369",
"url": "https://bugzilla.suse.com/1229369"
},
{
"category": "self",
"summary": "SUSE Bug 1229370",
"url": "https://bugzilla.suse.com/1229370"
},
{
"category": "self",
"summary": "SUSE Bug 1229373",
"url": "https://bugzilla.suse.com/1229373"
},
{
"category": "self",
"summary": "SUSE Bug 1229374",
"url": "https://bugzilla.suse.com/1229374"
},
{
"category": "self",
"summary": "SUSE Bug 1229379",
"url": "https://bugzilla.suse.com/1229379"
},
{
"category": "self",
"summary": "SUSE Bug 1229381",
"url": "https://bugzilla.suse.com/1229381"
},
{
"category": "self",
"summary": "SUSE Bug 1229382",
"url": "https://bugzilla.suse.com/1229382"
},
{
"category": "self",
"summary": "SUSE Bug 1229383",
"url": "https://bugzilla.suse.com/1229383"
},
{
"category": "self",
"summary": "SUSE Bug 1229386",
"url": "https://bugzilla.suse.com/1229386"
},
{
"category": "self",
"summary": "SUSE Bug 1229388",
"url": "https://bugzilla.suse.com/1229388"
},
{
"category": "self",
"summary": "SUSE Bug 1229390",
"url": "https://bugzilla.suse.com/1229390"
},
{
"category": "self",
"summary": "SUSE Bug 1229391",
"url": "https://bugzilla.suse.com/1229391"
},
{
"category": "self",
"summary": "SUSE Bug 1229392",
"url": "https://bugzilla.suse.com/1229392"
},
{
"category": "self",
"summary": "SUSE Bug 1229395",
"url": "https://bugzilla.suse.com/1229395"
},
{
"category": "self",
"summary": "SUSE Bug 1229398",
"url": "https://bugzilla.suse.com/1229398"
},
{
"category": "self",
"summary": "SUSE Bug 1229399",
"url": "https://bugzilla.suse.com/1229399"
},
{
"category": "self",
"summary": "SUSE Bug 1229400",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "self",
"summary": "SUSE Bug 1229402",
"url": "https://bugzilla.suse.com/1229402"
},
{
"category": "self",
"summary": "SUSE Bug 1229403",
"url": "https://bugzilla.suse.com/1229403"
},
{
"category": "self",
"summary": "SUSE Bug 1229404",
"url": "https://bugzilla.suse.com/1229404"
},
{
"category": "self",
"summary": "SUSE Bug 1229407",
"url": "https://bugzilla.suse.com/1229407"
},
{
"category": "self",
"summary": "SUSE Bug 1229409",
"url": "https://bugzilla.suse.com/1229409"
},
{
"category": "self",
"summary": "SUSE Bug 1229410",
"url": "https://bugzilla.suse.com/1229410"
},
{
"category": "self",
"summary": "SUSE Bug 1229411",
"url": "https://bugzilla.suse.com/1229411"
},
{
"category": "self",
"summary": "SUSE Bug 1229413",
"url": "https://bugzilla.suse.com/1229413"
},
{
"category": "self",
"summary": "SUSE Bug 1229414",
"url": "https://bugzilla.suse.com/1229414"
},
{
"category": "self",
"summary": "SUSE Bug 1229417",
"url": "https://bugzilla.suse.com/1229417"
},
{
"category": "self",
"summary": "SUSE Bug 1229444",
"url": "https://bugzilla.suse.com/1229444"
},
{
"category": "self",
"summary": "SUSE Bug 1229451",
"url": "https://bugzilla.suse.com/1229451"
},
{
"category": "self",
"summary": "SUSE Bug 1229452",
"url": "https://bugzilla.suse.com/1229452"
},
{
"category": "self",
"summary": "SUSE Bug 1229455",
"url": "https://bugzilla.suse.com/1229455"
},
{
"category": "self",
"summary": "SUSE Bug 1229456",
"url": "https://bugzilla.suse.com/1229456"
},
{
"category": "self",
"summary": "SUSE Bug 1229480",
"url": "https://bugzilla.suse.com/1229480"
},
{
"category": "self",
"summary": "SUSE Bug 1229481",
"url": "https://bugzilla.suse.com/1229481"
},
{
"category": "self",
"summary": "SUSE Bug 1229482",
"url": "https://bugzilla.suse.com/1229482"
},
{
"category": "self",
"summary": "SUSE Bug 1229484",
"url": "https://bugzilla.suse.com/1229484"
},
{
"category": "self",
"summary": "SUSE Bug 1229485",
"url": "https://bugzilla.suse.com/1229485"
},
{
"category": "self",
"summary": "SUSE Bug 1229486",
"url": "https://bugzilla.suse.com/1229486"
},
{
"category": "self",
"summary": "SUSE Bug 1229487",
"url": "https://bugzilla.suse.com/1229487"
},
{
"category": "self",
"summary": "SUSE Bug 1229488",
"url": "https://bugzilla.suse.com/1229488"
},
{
"category": "self",
"summary": "SUSE Bug 1229489",
"url": "https://bugzilla.suse.com/1229489"
},
{
"category": "self",
"summary": "SUSE Bug 1229490",
"url": "https://bugzilla.suse.com/1229490"
},
{
"category": "self",
"summary": "SUSE Bug 1229493",
"url": "https://bugzilla.suse.com/1229493"
},
{
"category": "self",
"summary": "SUSE Bug 1229495",
"url": "https://bugzilla.suse.com/1229495"
},
{
"category": "self",
"summary": "SUSE Bug 1229496",
"url": "https://bugzilla.suse.com/1229496"
},
{
"category": "self",
"summary": "SUSE Bug 1229497",
"url": "https://bugzilla.suse.com/1229497"
},
{
"category": "self",
"summary": "SUSE Bug 1229500",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "self",
"summary": "SUSE Bug 1229503",
"url": "https://bugzilla.suse.com/1229503"
},
{
"category": "self",
"summary": "SUSE Bug 1229707",
"url": "https://bugzilla.suse.com/1229707"
},
{
"category": "self",
"summary": "SUSE Bug 1229739",
"url": "https://bugzilla.suse.com/1229739"
},
{
"category": "self",
"summary": "SUSE Bug 1229743",
"url": "https://bugzilla.suse.com/1229743"
},
{
"category": "self",
"summary": "SUSE Bug 1229746",
"url": "https://bugzilla.suse.com/1229746"
},
{
"category": "self",
"summary": "SUSE Bug 1229747",
"url": "https://bugzilla.suse.com/1229747"
},
{
"category": "self",
"summary": "SUSE Bug 1229752",
"url": "https://bugzilla.suse.com/1229752"
},
{
"category": "self",
"summary": "SUSE Bug 1229754",
"url": "https://bugzilla.suse.com/1229754"
},
{
"category": "self",
"summary": "SUSE Bug 1229755",
"url": "https://bugzilla.suse.com/1229755"
},
{
"category": "self",
"summary": "SUSE Bug 1229756",
"url": "https://bugzilla.suse.com/1229756"
},
{
"category": "self",
"summary": "SUSE Bug 1229759",
"url": "https://bugzilla.suse.com/1229759"
},
{
"category": "self",
"summary": "SUSE Bug 1229761",
"url": "https://bugzilla.suse.com/1229761"
},
{
"category": "self",
"summary": "SUSE Bug 1229767",
"url": "https://bugzilla.suse.com/1229767"
},
{
"category": "self",
"summary": "SUSE Bug 1229781",
"url": "https://bugzilla.suse.com/1229781"
},
{
"category": "self",
"summary": "SUSE Bug 1229784",
"url": "https://bugzilla.suse.com/1229784"
},
{
"category": "self",
"summary": "SUSE Bug 1229785",
"url": "https://bugzilla.suse.com/1229785"
},
{
"category": "self",
"summary": "SUSE Bug 1229787",
"url": "https://bugzilla.suse.com/1229787"
},
{
"category": "self",
"summary": "SUSE Bug 1229788",
"url": "https://bugzilla.suse.com/1229788"
},
{
"category": "self",
"summary": "SUSE Bug 1229789",
"url": "https://bugzilla.suse.com/1229789"
},
{
"category": "self",
"summary": "SUSE Bug 1229792",
"url": "https://bugzilla.suse.com/1229792"
},
{
"category": "self",
"summary": "SUSE Bug 1229820",
"url": "https://bugzilla.suse.com/1229820"
},
{
"category": "self",
"summary": "SUSE Bug 1229827",
"url": "https://bugzilla.suse.com/1229827"
},
{
"category": "self",
"summary": "SUSE Bug 1229830",
"url": "https://bugzilla.suse.com/1229830"
},
{
"category": "self",
"summary": "SUSE Bug 1229837",
"url": "https://bugzilla.suse.com/1229837"
},
{
"category": "self",
"summary": "SUSE Bug 1229940",
"url": "https://bugzilla.suse.com/1229940"
},
{
"category": "self",
"summary": "SUSE Bug 1230056",
"url": "https://bugzilla.suse.com/1230056"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52489 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52688 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52885 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52886 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52887 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52889 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26590 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26631 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26637 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26668 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26669 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26682 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26735 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26808 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26835 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27050 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27403 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27433 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27437 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35949 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36270 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36933 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36970 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38563 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38609 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38662 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39476 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39483 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39484 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39486 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39488 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39489 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39493 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39497 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39499 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39500 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39501 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39505 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39506 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39508 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39509 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39510 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40904 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40913 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40916 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40920 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40922 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40926 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40927 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40934 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40936 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40941 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40942 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40943 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40944 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40954 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40957 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40958 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40959 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40962 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40964 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40967 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40977 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40984 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40988 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40989 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40992 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40995 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41000 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41015 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41016 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41022 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41024 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41035 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41037 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41039 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41040 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41041 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41044 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41045 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41048 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41049 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41050 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41062 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41065 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41066 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41075 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41081 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42082 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42089 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42090 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42092 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42098 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42101 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42105 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42107 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42109 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42113 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42114 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42117 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42119 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42121 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42122 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42127 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42130 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42132 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42136 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42137 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42138 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42143 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42144 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42145 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42153 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42161 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42162 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42225 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42227 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42228 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42229 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42230 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42232 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42236 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42237 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42238 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42241 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42241/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42244 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42245 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42246 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42247 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42250 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42253 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42259 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42268 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42269 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42270 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42271 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42276 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42277 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42278 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42279 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42280 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42281 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42283 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42284 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42285 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42288 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42289 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42291 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42292 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42295 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42301 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42302 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42303 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42308 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42309 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42310 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42311 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42312 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42313 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42314 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42315 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42318 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42319 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42320 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42322 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43816 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43818 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43819 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43821 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43823 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43824 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43825 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43829 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43830 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43831 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43842 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43849 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43851 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43853 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43854 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43855 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43856 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43860 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43863 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43864 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43866 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43871 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43872 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43875 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43876 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43877 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43879 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43880 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43881 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43885 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43893 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43897 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43899 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43903 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43905 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43906 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43907 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43908 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43909 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43911 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43912 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44938 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44939 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44939/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-02-03T08:54:39Z",
"generator": {
"date": "2025-02-03T08:54:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20044-1",
"initial_release_date": "2025-02-03T08:54:39Z",
"revision_history": [
{
"date": "2025-02-03T08:54:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-19.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-19.1.aarch64",
"product_id": "kernel-default-6.4.0-19.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-17.1.1.51.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-17.1.1.51.aarch64",
"product_id": "kernel-default-base-6.4.0-17.1.1.51.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-19.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-19.1.noarch",
"product_id": "kernel-devel-6.4.0-19.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-19.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-19.1.noarch",
"product_id": "kernel-macros-6.4.0-19.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-19.1.noarch",
"product": {
"name": "kernel-source-6.4.0-19.1.noarch",
"product_id": "kernel-source-6.4.0-19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-19.1.s390x",
"product": {
"name": "kernel-default-6.4.0-19.1.s390x",
"product_id": "kernel-default-6.4.0-19.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-19.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-19.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-19.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-19-default-1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-19.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-19.1.x86_64",
"product_id": "kernel-default-6.4.0-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-17.1.1.51.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-17.1.1.51.x86_64",
"product_id": "kernel-default-base-6.4.0-17.1.1.51.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-19.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-19.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-19.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-19.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-19-default-1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-19.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-19.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x"
},
"product_reference": "kernel-default-6.4.0-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-19.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-17.1.1.51.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-17.1.1.51.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-17.1.1.51.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-17.1.1.51.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-19.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-19.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-19.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-19.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-19.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-19-default-1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-19.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-19.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-19.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
},
"product_reference": "kernel-source-6.4.0-19.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section-\u003eusage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN\u0027s are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN\u0027s as well, the compaction triggered\nwill try on the device memory PFN\u0027s too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()-\u003e\n\t\t\t\t sparse_remove_section()-\u003e\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms-\u003eusage and set\n\t\t\t\t ms-\u003eusage = NULL]\n pfn_section_valid()\n [Access ms-\u003eusage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af(\"mm/sparse: fix kernel crash with\npfn_section_valid check\") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms-\u003eusage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the -\u003eusage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access -\u003eusage.\n\nc) Free the -\u003eusage with kfree_rcu() and set ms-\u003eusage = NULL. No\n attempt will be made to access -\u003eusage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN\u0027s as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms-\u003eusage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52489",
"url": "https://www.suse.com/security/cve/CVE-2023-52489"
},
{
"category": "external",
"summary": "SUSE Bug 1221326 for CVE-2023-52489",
"url": "https://bugzilla.suse.com/1221326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52489"
},
{
"cve": "CVE-2023-52581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52581",
"url": "https://www.suse.com/security/cve/CVE-2023-52581"
},
{
"category": "external",
"summary": "SUSE Bug 1220877 for CVE-2023-52581",
"url": "https://bugzilla.suse.com/1220877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52581"
},
{
"cve": "CVE-2023-52668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix lock ordering in btrfs_zone_activate()\n\nThe btrfs CI reported a lockdep warning as follows by running generic\ngeneric/129.\n\n WARNING: possible circular locking dependency detected\n 6.7.0-rc5+ #1 Not tainted\n ------------------------------------------------------\n kworker/u5:5/793427 is trying to acquire lock:\n ffff88813256d028 (\u0026cache-\u003elock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130\n but task is already holding lock:\n ffff88810a23a318 (\u0026fs_info-\u003ezone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n -\u003e #1 (\u0026fs_info-\u003ezone_active_bgs_lock){+.+.}-{2:2}:\n ...\n -\u003e #0 (\u0026cache-\u003elock){+.+.}-{2:2}:\n ...\n\nThis is because we take fs_info-\u003ezone_active_bgs_lock after a block_group\u0027s\nlock in btrfs_zone_activate() while doing the opposite in other places.\n\nFix the issue by expanding the fs_info-\u003ezone_active_bgs_lock\u0027s critical\nsection and taking it before a block_group\u0027s lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52668",
"url": "https://www.suse.com/security/cve/CVE-2023-52668"
},
{
"category": "external",
"summary": "SUSE Bug 1224690 for CVE-2023-52668",
"url": "https://bugzilla.suse.com/1224690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52668"
},
{
"cve": "CVE-2023-52688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix the error handler of rfkill config\n\nWhen the core rfkill config throws error, it should free the\nallocated resources. Currently it is not freeing the core pdev\ncreate resources. Avoid this issue by calling the core pdev\ndestroy in the error handler of core rfkill config.\n\nFound this issue in the code review and it is compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52688",
"url": "https://www.suse.com/security/cve/CVE-2023-52688"
},
{
"category": "external",
"summary": "SUSE Bug 1224631 for CVE-2023-52688",
"url": "https://bugzilla.suse.com/1224631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52688"
},
{
"cve": "CVE-2023-52859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52859",
"url": "https://www.suse.com/security/cve/CVE-2023-52859"
},
{
"category": "external",
"summary": "SUSE Bug 1225582 for CVE-2023-52859",
"url": "https://bugzilla.suse.com/1225582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52859"
},
{
"cve": "CVE-2023-52885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix UAF in svc_tcp_listen_data_ready()\n\nAfter the listener svc_sock is freed, and before invoking svc_tcp_accept()\nfor the established child sock, there is a window that the newsock\nretaining a freed listener svc_sock in sk_user_data which cloning from\nparent. In the race window, if data is received on the newsock, we will\nobserve use-after-free report in svc_tcp_listen_data_ready().\n\nReproduce by two tasks:\n\n1. while :; do rpc.nfsd 0 ; rpc.nfsd; done\n2. while :; do echo \"\" | ncat -4 127.0.0.1 2049 ; done\n\nKASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n Read of size 8 at addr ffff888139d96228 by task nc/102553\n CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x33/0x50\n print_address_description.constprop.0+0x27/0x310\n print_report+0x3e/0x70\n kasan_report+0xae/0xe0\n svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]\n tcp_data_queue+0x9f4/0x20e0\n tcp_rcv_established+0x666/0x1f60\n tcp_v4_do_rcv+0x51c/0x850\n tcp_v4_rcv+0x23fc/0x2e80\n ip_protocol_deliver_rcu+0x62/0x300\n ip_local_deliver_finish+0x267/0x350\n ip_local_deliver+0x18b/0x2d0\n ip_rcv+0x2fb/0x370\n __netif_receive_skb_one_core+0x166/0x1b0\n process_backlog+0x24c/0x5e0\n __napi_poll+0xa2/0x500\n net_rx_action+0x854/0xc90\n __do_softirq+0x1bb/0x5de\n do_softirq+0xcb/0x100\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n ...\n \u003c/TASK\u003e\n\n Allocated by task 102371:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_kmalloc+0x7b/0x90\n svc_setup_socket+0x52/0x4f0 [sunrpc]\n svc_addsock+0x20d/0x400 [sunrpc]\n __write_ports_addfd+0x209/0x390 [nfsd]\n write_ports+0x239/0x2c0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\n Freed by task 102551:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x50\n __kasan_slab_free+0x106/0x190\n __kmem_cache_free+0x133/0x270\n svc_xprt_free+0x1e2/0x350 [sunrpc]\n svc_xprt_destroy_all+0x25a/0x440 [sunrpc]\n nfsd_put+0x125/0x240 [nfsd]\n nfsd_svc+0x2cb/0x3c0 [nfsd]\n write_threads+0x1ac/0x2a0 [nfsd]\n nfsctl_transaction_write+0xac/0x110 [nfsd]\n vfs_write+0x1c3/0xae0\n ksys_write+0xed/0x1c0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix the UAF by simply doing nothing in svc_tcp_listen_data_ready()\nif state != TCP_LISTEN, that will avoid dereferencing svsk for all\nchild socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52885",
"url": "https://www.suse.com/security/cve/CVE-2023-52885"
},
{
"category": "external",
"summary": "SUSE Bug 1227750 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227750"
},
{
"category": "external",
"summary": "SUSE Bug 1227753 for CVE-2023-52885",
"url": "https://bugzilla.suse.com/1227753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2023-52885"
},
{
"cve": "CVE-2023-52886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix race by not overwriting udev-\u003edescriptor in hub_port_init()\n\nSyzbot reported an out-of-bounds read in sysfs.c:read_descriptors():\n\nBUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\nRead of size 8 at addr ffff88801e78b8c8 by task udevd/5011\n\nCPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883\n...\nAllocated by task 758:\n...\n __do_kmalloc_node mm/slab_common.c:966 [inline]\n __kmalloc+0x5e/0x190 mm/slab_common.c:979\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:680 [inline]\n usb_get_configuration+0x1f7/0x5170 drivers/usb/core/config.c:887\n usb_enumerate_device drivers/usb/core/hub.c:2407 [inline]\n usb_new_device+0x12b0/0x19d0 drivers/usb/core/hub.c:2545\n\nAs analyzed by Khazhy Kumykov, the cause of this bug is a race between\nread_descriptors() and hub_port_init(): The first routine uses a field\nin udev-\u003edescriptor, not expecting it to change, while the second\noverwrites it.\n\nPrior to commit 45bf39f8df7f (\"USB: core: Don\u0027t hold device lock while\nreading the \"descriptors\" sysfs file\") this race couldn\u0027t occur,\nbecause the routines were mutually exclusive thanks to the device\nlocking. Removing that locking from read_descriptors() exposed it to\nthe race.\n\nThe best way to fix the bug is to keep hub_port_init() from changing\nudev-\u003edescriptor once udev has been initialized and registered.\nDrivers expect the descriptors stored in the kernel to be immutable;\nwe should not undermine this expectation. In fact, this change should\nhave been made long ago.\n\nSo now hub_port_init() will take an additional argument, specifying a\nbuffer in which to store the device descriptor it reads. (If udev has\nnot yet been initialized, the buffer pointer will be NULL and then\nhub_port_init() will store the device descriptor in udev as before.)\nThis eliminates the data race responsible for the out-of-bounds read.\n\nThe changes to hub_port_init() appear more extensive than they really\nare, because of indentation changes resulting from an attempt to avoid\nwriting to other parts of the usb_device structure after it has been\ninitialized. Similar changes should be made to the code that reads\nthe BOS descriptor, but that can be handled in a separate patch later\non. This patch is sufficient to fix the bug found by syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52886",
"url": "https://www.suse.com/security/cve/CVE-2023-52886"
},
{
"category": "external",
"summary": "SUSE Bug 1227981 for CVE-2023-52886",
"url": "https://bugzilla.suse.com/1227981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52886"
},
{
"cve": "CVE-2023-52887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new\n\nThis patch enhances error handling in scenarios with RTS (Request to\nSend) messages arriving closely. It replaces the less informative WARN_ON_ONCE\nbacktraces with a new error handling method. This provides clearer error\nmessages and allows for the early termination of problematic sessions.\nPreviously, sessions were only released at the end of j1939_xtp_rx_rts().\n\nPotentially this could be reproduced with something like:\ntestj1939 -r vcan0:0x80 \u0026\nwhile true; do\n\t# send first RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send second RTS\n\tcansend vcan0 18EC8090#1014000303002301;\n\t# send abort\n\tcansend vcan0 18EC8090#ff00000000002301;\ndone",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52887",
"url": "https://www.suse.com/security/cve/CVE-2023-52887"
},
{
"category": "external",
"summary": "SUSE Bug 1228426 for CVE-2023-52887",
"url": "https://bugzilla.suse.com/1228426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52887"
},
{
"cve": "CVE-2023-52889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix null pointer deref when receiving skb during sock creation\n\nThe panic below is observed when receiving ICMP packets with secmark set\nwhile an ICMP raw socket is being created. SK_CTX(sk)-\u003elabel is updated\nin apparmor_socket_post_create(), but the packet is delivered to the\nsocket before that, causing the null pointer dereference.\nDrop the packet if label context is not set.\n\n BUG: kernel NULL pointer dereference, address: 000000000000004c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df\n Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020\n RIP: 0010:aa_label_next_confined+0xb/0x40\n Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 \u003c8b\u003e 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2\n RSP: 0018:ffffa92940003b08 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e\n RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002\n R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400\n R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000\n FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? aa_label_next_confined+0xb/0x40\n apparmor_secmark_check+0xec/0x330\n security_sock_rcv_skb+0x35/0x50\n sk_filter_trim_cap+0x47/0x250\n sock_queue_rcv_skb_reason+0x20/0x60\n raw_rcv+0x13c/0x210\n raw_local_deliver+0x1f3/0x250\n ip_protocol_deliver_rcu+0x4f/0x2f0\n ip_local_deliver_finish+0x76/0xa0\n __netif_receive_skb_one_core+0x89/0xa0\n netif_receive_skb+0x119/0x170\n ? __netdev_alloc_skb+0x3d/0x140\n vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]\n __napi_poll+0x28/0x1b0\n net_rx_action+0x2a4/0x380\n __do_softirq+0xd1/0x2c8\n __irq_exit_rcu+0xbb/0xf0\n common_interrupt+0x86/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x26/0x40\n RIP: 0010:apparmor_socket_post_create+0xb/0x200\n Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 \u003c55\u003e 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48\n RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286\n RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001\n RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003\n R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748\n ? __pfx_apparmor_socket_post_create+0x10/0x10\n security_socket_post_create+0x4b/0x80\n __sock_create+0x176/0x1f0\n __sys_socket+0x89/0x100\n __x64_sys_socket+0x17/0x20\n do_syscall_64+0x5d/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52889",
"url": "https://www.suse.com/security/cve/CVE-2023-52889"
},
{
"category": "external",
"summary": "SUSE Bug 1229287 for CVE-2023-52889",
"url": "https://bugzilla.suse.com/1229287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2023-52889"
},
{
"cve": "CVE-2024-26590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26590"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it\u0027s not set in `sbi-\u003eavailable_compr_algs`. This\ncan lead to an unexpected \"BUG: kernel NULL pointer dereference\" if\nthe corresponding decompressor isn\u0027t built-in.\n\nFix this by checking against `sbi-\u003eavailable_compr_algs` for each\nm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26590",
"url": "https://www.suse.com/security/cve/CVE-2024-26590"
},
{
"category": "external",
"summary": "SUSE Bug 1220252 for CVE-2024-26590",
"url": "https://bugzilla.suse.com/1220252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26590"
},
{
"cve": "CVE-2024-26631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev-\u003emc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26631",
"url": "https://www.suse.com/security/cve/CVE-2024-26631"
},
{
"category": "external",
"summary": "SUSE Bug 1221630 for CVE-2024-26631",
"url": "https://bugzilla.suse.com/1221630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26631"
},
{
"cve": "CVE-2024-26637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: rely on mac80211 debugfs handling for vif\n\nmac80211 started to delete debugfs entries in certain cases, causing a\nath11k to crash when it tried to delete the entries later. Fix this by\nrelying on mac80211 to delete the entries when appropriate and adding\nthem from the vif_add_debugfs handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26637",
"url": "https://www.suse.com/security/cve/CVE-2024-26637"
},
{
"category": "external",
"summary": "SUSE Bug 1221652 for CVE-2024-26637",
"url": "https://bugzilla.suse.com/1221652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26637"
},
{
"cve": "CVE-2024-26668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: reject configurations that cause integer overflow\n\nReject bogus configs where internal token counter wraps around.\nThis only occurs with very very large requests, such as 17gbyte/s.\n\nIts better to reject this rather than having incorrect ratelimit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26668",
"url": "https://www.suse.com/security/cve/CVE-2024-26668"
},
{
"category": "external",
"summary": "SUSE Bug 1222335 for CVE-2024-26668",
"url": "https://bugzilla.suse.com/1222335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26668"
},
{
"cve": "CVE-2024-26669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: flower: Fix chain template offload\n\nWhen a qdisc is deleted from a net device the stack instructs the\nunderlying driver to remove its flow offload callback from the\nassociated filter block using the \u0027FLOW_BLOCK_UNBIND\u0027 command. The stack\nthen continues to replay the removal of the filters in the block for\nthis driver by iterating over the chains in the block and invoking the\n\u0027reoffload\u0027 operation of the classifier being used. In turn, the\nclassifier in its \u0027reoffload\u0027 operation prepares and emits a\n\u0027FLOW_CLS_DESTROY\u0027 command for each filter.\n\nHowever, the stack does not do the same for chain templates and the\nunderlying driver never receives a \u0027FLOW_CLS_TMPLT_DESTROY\u0027 command when\na qdisc is deleted. This results in a memory leak [1] which can be\nreproduced using [2].\n\nFix by introducing a \u0027tmplt_reoffload\u0027 operation and have the stack\ninvoke it with the appropriate arguments as part of the replay.\nImplement the operation in the sole classifier that supports chain\ntemplates (flower) by emitting the \u0027FLOW_CLS_TMPLT_{CREATE,DESTROY}\u0027\ncommand based on whether a flow offload callback is being bound to a\nfilter block or being unbound from one.\n\nAs far as I can tell, the issue happens since cited commit which\nreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()\nin __tcf_block_put(). The order cannot be reversed as the filter block\nis expected to be freed after flushing all the chains.\n\n[1]\nunreferenced object 0xffff888107e28800 (size 2048):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[......\n 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab374e\u003e] __kmalloc+0x4e/0x90\n [\u003cffffffff832aec6d\u003e] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n [\u003cffffffff8379d29a\u003e] ___sys_sendmsg+0x13a/0x1e0\n [\u003cffffffff8379d50c\u003e] __sys_sendmsg+0x11c/0x1f0\n [\u003cffffffff843b9ce0\u003e] do_syscall_64+0x40/0xe0\nunreferenced object 0xffff88816d2c0400 (size 1024):\n comm \"tc\", pid 1079, jiffies 4294958525 (age 3074.287s)\n hex dump (first 32 bytes):\n 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8.....\n 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m....\n backtrace:\n [\u003cffffffff81c06a68\u003e] __kmem_cache_alloc_node+0x1e8/0x320\n [\u003cffffffff81ab36c1\u003e] __kmalloc_node+0x51/0x90\n [\u003cffffffff81a8ed96\u003e] kvmalloc_node+0xa6/0x1f0\n [\u003cffffffff82827d03\u003e] bucket_table_alloc.isra.0+0x83/0x460\n [\u003cffffffff82828d2b\u003e] rhashtable_init+0x43b/0x7c0\n [\u003cffffffff832aed48\u003e] mlxsw_sp_acl_ruleset_get+0x428/0x7a0\n [\u003cffffffff832bc195\u003e] mlxsw_sp_flower_tmplt_create+0x145/0x180\n [\u003cffffffff832b2e1a\u003e] mlxsw_sp_flow_block_cb+0x1ea/0x280\n [\u003cffffffff83a10613\u003e] tc_setup_cb_call+0x183/0x340\n [\u003cffffffff83a9f85a\u003e] fl_tmplt_create+0x3da/0x4c0\n [\u003cffffffff83a22435\u003e] tc_ctl_chain+0xa15/0x1170\n [\u003cffffffff838a863c\u003e] rtnetlink_rcv_msg+0x3cc/0xed0\n [\u003cffffffff83ac87f0\u003e] netlink_rcv_skb+0x170/0x440\n [\u003cffffffff83ac6270\u003e] netlink_unicast+0x540/0x820\n [\u003cffffffff83ac6e28\u003e] netlink_sendmsg+0x8d8/0xda0\n [\u003cffffffff83793def\u003e] ____sys_sendmsg+0x30f/0xa80\n\n[2]\n # tc qdisc add dev swp1 clsact\n # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32\n # tc qdisc del dev\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26669",
"url": "https://www.suse.com/security/cve/CVE-2024-26669"
},
{
"category": "external",
"summary": "SUSE Bug 1222350 for CVE-2024-26669",
"url": "https://bugzilla.suse.com/1222350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26669"
},
{
"cve": "CVE-2024-26677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can\u0027t be used as an RTT reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26677",
"url": "https://www.suse.com/security/cve/CVE-2024-26677"
},
{
"category": "external",
"summary": "SUSE Bug 1222387 for CVE-2024-26677",
"url": "https://bugzilla.suse.com/1222387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26677"
},
{
"cve": "CVE-2024-26682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26682"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: improve CSA/ECSA connection refusal\n\nAs mentioned in the previous commit, we pretty quickly found\nthat some APs have ECSA elements stuck in their probe response,\nso using that to not attempt to connect while CSA is happening\nwe never connect to such an AP.\n\nImprove this situation by checking more carefully and ignoring\nthe ECSA if cfg80211 has previously detected the ECSA element\nbeing stuck in the probe response.\n\nAdditionally, allow connecting to an AP that\u0027s switching to a\nchannel it\u0027s already using, unless it\u0027s using quiet mode. In\nthis case, we may just have to adjust bandwidth later. If it\u0027s\nactually switching channels, it\u0027s better not to try to connect\nin the middle of that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26682",
"url": "https://www.suse.com/security/cve/CVE-2024-26682"
},
{
"category": "external",
"summary": "SUSE Bug 1222433 for CVE-2024-26682",
"url": "https://bugzilla.suse.com/1222433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26682"
},
{
"cve": "CVE-2024-26683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: detect stuck ECSA element in probe resp\n\nWe recently added some validation that we don\u0027t try to\nconnect to an AP that is currently in a channel switch\nprocess, since that might want the channel to be quiet\nor we might not be able to connect in time to hear the\nswitching in a beacon. This was in commit c09c4f31998b\n(\"wifi: mac80211: don\u0027t connect to an AP while it\u0027s in\na CSA process\").\n\nHowever, we promptly got a report that this caused new\nconnection failures, and it turns out that the AP that\nwe now cannot connect to is permanently advertising an\nextended channel switch announcement, even with quiet.\nThe AP in question was an Asus RT-AC53, with firmware\n3.0.0.4.380_10760-g21a5898.\n\nAs a first step, attempt to detect that we\u0027re dealing\nwith such a situation, so mac80211 can use this later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26683",
"url": "https://www.suse.com/security/cve/CVE-2024-26683"
},
{
"category": "external",
"summary": "SUSE Bug 1222434 for CVE-2024-26683",
"url": "https://bugzilla.suse.com/1222434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26683"
},
{
"cve": "CVE-2024-26735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26735",
"url": "https://www.suse.com/security/cve/CVE-2024-26735"
},
{
"category": "external",
"summary": "SUSE Bug 1222372 for CVE-2024-26735",
"url": "https://bugzilla.suse.com/1222372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26808",
"url": "https://www.suse.com/security/cve/CVE-2024-26808"
},
{
"category": "external",
"summary": "SUSE Bug 1222634 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1222634"
},
{
"category": "external",
"summary": "SUSE Bug 1245772 for CVE-2024-26808",
"url": "https://bugzilla.suse.com/1245772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-26808"
},
{
"cve": "CVE-2024-26809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26809",
"url": "https://www.suse.com/security/cve/CVE-2024-26809"
},
{
"category": "external",
"summary": "SUSE Bug 1222633 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1222633"
},
{
"category": "external",
"summary": "SUSE Bug 1245771 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1245771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-26809"
},
{
"cve": "CVE-2024-26812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Create persistent INTx handler\n\nA vulnerability exists where the eventfd for INTx signaling can be\ndeconfigured, which unregisters the IRQ handler but still allows\neventfds to be signaled with a NULL context through the SET_IRQS ioctl\nor through unmask irqfd if the device interrupt is pending.\n\nIdeally this could be solved with some additional locking; the igate\nmutex serializes the ioctl and config space accesses, and the interrupt\nhandler is unregistered relative to the trigger, but the irqfd path\nruns asynchronous to those. The igate mutex cannot be acquired from the\natomic context of the eventfd wake function. Disabling the irqfd\nrelative to the eventfd registration is potentially incompatible with\nexisting userspace.\n\nAs a result, the solution implemented here moves configuration of the\nINTx interrupt handler to track the lifetime of the INTx context object\nand irq_type configuration, rather than registration of a particular\ntrigger eventfd. Synchronization is added between the ioctl path and\neventfd_signal() wrapper such that the eventfd trigger can be\ndynamically updated relative to in-flight interrupts or irqfd callbacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26812",
"url": "https://www.suse.com/security/cve/CVE-2024-26812"
},
{
"category": "external",
"summary": "SUSE Bug 1222808 for CVE-2024-26812",
"url": "https://bugzilla.suse.com/1222808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26812"
},
{
"cve": "CVE-2024-26835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26835",
"url": "https://www.suse.com/security/cve/CVE-2024-26835"
},
{
"category": "external",
"summary": "SUSE Bug 1222967 for CVE-2024-26835",
"url": "https://bugzilla.suse.com/1222967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-26835"
},
{
"cve": "CVE-2024-26837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr-\u003emdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br-\u003emdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge\u0027s\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 \u0026\u0026 \\\n \u003e ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n root@infix-06-0b-00:~$ ip link del dev br0\n root@infix-06-0b-00:~$ mvls atu\n ADDRESS FID STATE Q F 0 1 2 3 4 5 6 7 8 9 a\n DEV:0 Marvell 88E6393X\n 33:33:00:00:00:6a 1 static - - 0 . . . . . . . . . .\n 33:33:ff:87:e4:3f 1 static - - 0 . . . . . . . . . .\n ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a\n root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host\u0027s membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 \u0026\u0026 \\\n \u003e ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n enqueued to the switchdev deferred queue, before adding it to the\n replay list, when replaying additions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26837",
"url": "https://www.suse.com/security/cve/CVE-2024-26837"
},
{
"category": "external",
"summary": "SUSE Bug 1222973 for CVE-2024-26837",
"url": "https://bugzilla.suse.com/1222973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-26837"
},
{
"cve": "CVE-2024-26849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26849",
"url": "https://www.suse.com/security/cve/CVE-2024-26849"
},
{
"category": "external",
"summary": "SUSE Bug 1223053 for CVE-2024-26849",
"url": "https://bugzilla.suse.com/1223053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26849"
},
{
"cve": "CVE-2024-26851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26851",
"url": "https://www.suse.com/security/cve/CVE-2024-26851"
},
{
"category": "external",
"summary": "SUSE Bug 1223074 for CVE-2024-26851",
"url": "https://bugzilla.suse.com/1223074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26851"
},
{
"cve": "CVE-2024-26976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26976",
"url": "https://www.suse.com/security/cve/CVE-2024-26976"
},
{
"category": "external",
"summary": "SUSE Bug 1223635 for CVE-2024-26976",
"url": "https://bugzilla.suse.com/1223635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-26976"
},
{
"cve": "CVE-2024-27010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906] lock(\u0026sch-\u003eq.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0-\u003eeth1-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27010",
"url": "https://www.suse.com/security/cve/CVE-2024-27010"
},
{
"category": "external",
"summary": "SUSE Bug 1223720 for CVE-2024-27010",
"url": "https://bugzilla.suse.com/1223720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27010"
},
{
"cve": "CVE-2024-27011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 \u003c0f\u003e 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967] \u003cTASK\u003e\n[ 6170.287973] ? __warn+0x9f/0x1a0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.288104] ? handle_bug+0x3c/0x70\n[ 6170.288112] ? exc_invalid_op+0x17/0x40\n[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27011",
"url": "https://www.suse.com/security/cve/CVE-2024-27011"
},
{
"category": "external",
"summary": "SUSE Bug 1223803 for CVE-2024-27011",
"url": "https://bugzilla.suse.com/1223803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27011"
},
{
"cve": "CVE-2024-27024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn\u0027t established yet, get_mr() will fail, trigger connection after\nget_mr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27024",
"url": "https://www.suse.com/security/cve/CVE-2024-27024"
},
{
"category": "external",
"summary": "SUSE Bug 1223777 for CVE-2024-27024",
"url": "https://bugzilla.suse.com/1223777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27024"
},
{
"cve": "CVE-2024-27049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27049",
"url": "https://www.suse.com/security/cve/CVE-2024-27049"
},
{
"category": "external",
"summary": "SUSE Bug 1223763 for CVE-2024-27049",
"url": "https://bugzilla.suse.com/1223763"
},
{
"category": "external",
"summary": "SUSE Bug 1231063 for CVE-2024-27049",
"url": "https://bugzilla.suse.com/1231063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-27049"
},
{
"cve": "CVE-2024-27050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Use OPTS_SET() macro in bpf_xdp_query()\n\nWhen the feature_flags and xdp_zc_max_segs fields were added to the libbpf\nbpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro.\nThis causes libbpf to write to those fields unconditionally, which means\nthat programs compiled against an older version of libbpf (with a smaller\nsize of the bpf_xdp_query_opts struct) will have its stack corrupted by\nlibbpf writing out of bounds.\n\nThe patch adding the feature_flags field has an early bail out if the\nfeature_flags field is not part of the opts struct (via the OPTS_HAS)\nmacro, but the patch adding xdp_zc_max_segs does not. For consistency, this\nfix just changes the assignments to both fields to use the OPTS_SET()\nmacro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27050",
"url": "https://www.suse.com/security/cve/CVE-2024-27050"
},
{
"category": "external",
"summary": "SUSE Bug 1223767 for CVE-2024-27050",
"url": "https://bugzilla.suse.com/1223767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-27050"
},
{
"cve": "CVE-2024-27079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info-\u003edomain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27079",
"url": "https://www.suse.com/security/cve/CVE-2024-27079"
},
{
"category": "external",
"summary": "SUSE Bug 1223742 for CVE-2024-27079",
"url": "https://bugzilla.suse.com/1223742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27079"
},
{
"cve": "CVE-2024-27403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27403",
"url": "https://www.suse.com/security/cve/CVE-2024-27403"
},
{
"category": "external",
"summary": "SUSE Bug 1224415 for CVE-2024-27403",
"url": "https://bugzilla.suse.com/1224415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27403"
},
{
"cve": "CVE-2024-27433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27433"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()\n\n\u0027clk_data\u0027 is allocated with mtk_devm_alloc_clk_data(). So calling\nmtk_free_clk_data() explicitly in the remove function would lead to a\ndouble-free.\n\nRemove the redundant call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27433",
"url": "https://www.suse.com/security/cve/CVE-2024-27433"
},
{
"category": "external",
"summary": "SUSE Bug 1224711 for CVE-2024-27433",
"url": "https://bugzilla.suse.com/1224711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27433"
},
{
"cve": "CVE-2024-27437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27437"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27437",
"url": "https://www.suse.com/security/cve/CVE-2024-27437"
},
{
"category": "external",
"summary": "SUSE Bug 1222625 for CVE-2024-27437",
"url": "https://bugzilla.suse.com/1222625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-27437"
},
{
"cve": "CVE-2024-31076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd-\u003emove_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU\u0027s vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd-\u003eprev_vector because the interrupt isn\u0027t currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn\u0027t reclaim apicd-\u003eprev_vector; instead, it simply resets both\napicd-\u003emove_in_progress and apicd-\u003eprev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd-\u003eprev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd-\u003emove_in_progress with apicd-\u003eprev_cpu pointing to an offline CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31076",
"url": "https://www.suse.com/security/cve/CVE-2024-31076"
},
{
"category": "external",
"summary": "SUSE Bug 1226765 for CVE-2024-31076",
"url": "https://bugzilla.suse.com/1226765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-31076"
},
{
"cve": "CVE-2024-35855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update\n\nThe rule activity update delayed work periodically traverses the list of\nconfigured rules and queries their activity from the device.\n\nAs part of this task it accesses the entry pointed by \u0027ventry-\u003eentry\u0027,\nbut this entry can be changed concurrently by the rehash delayed work,\nleading to a use-after-free [1].\n\nFix by closing the race and perform the activity query under the\n\u0027vregion-\u003elock\u0027 mutex.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nRead of size 8 at addr ffff8881054ed808 by task kworker/0:18/181\n\nCPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\n mlxsw_sp_acl_rule_activity_update_work+0x219/0x400\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35855",
"url": "https://www.suse.com/security/cve/CVE-2024-35855"
},
{
"category": "external",
"summary": "SUSE Bug 1224694 for CVE-2024-35855",
"url": "https://bugzilla.suse.com/1224694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-35855"
},
{
"cve": "CVE-2024-35897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35897"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\n\nHook unregistration is deferred to the commit phase, same occurs with\nhook updates triggered by the table dormant flag. When both commands are\ncombined, this results in deleting a basechain while leaving its hook\nstill registered in the core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35897",
"url": "https://www.suse.com/security/cve/CVE-2024-35897"
},
{
"category": "external",
"summary": "SUSE Bug 1224510 for CVE-2024-35897",
"url": "https://bugzilla.suse.com/1224510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-35897"
},
{
"cve": "CVE-2024-35902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp-\u003ecp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs-\u003ers_transport-\u003eget_mr(\n\t\tsg, nents, rs, \u0026mr-\u003er_key, cp ? cp-\u003ecp_conn : NULL,\n\t\targs-\u003evec.addr, args-\u003evec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35902",
"url": "https://www.suse.com/security/cve/CVE-2024-35902"
},
{
"category": "external",
"summary": "SUSE Bug 1224496 for CVE-2024-35902",
"url": "https://bugzilla.suse.com/1224496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-35902"
},
{
"cve": "CVE-2024-35913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF\n\nWhen we want to know whether we should look for the mac_id or the\nlink_id in struct iwl_mvm_session_prot_notif, we should look at the\nversion of SESSION_PROTECTION_NOTIF.\n\nThis causes WARNINGs:\n\nWARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\nRIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\nCode: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff \u003c0f\u003e 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4\nRDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358\nRBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010\nR10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050\nR13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x150\n ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\n ? report_bug+0x196/0x1c0\n ? handle_bug+0x45/0x80\n ? exc_invalid_op+0x1c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm]\n iwl_mvm_rx_common+0x115/0x340 [iwlmvm]\n iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm]\n iwl_pcie_rx_handle+0x263/0xa10 [iwlwifi]\n iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35913",
"url": "https://www.suse.com/security/cve/CVE-2024-35913"
},
{
"category": "external",
"summary": "SUSE Bug 1224485 for CVE-2024-35913",
"url": "https://bugzilla.suse.com/1224485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-35913"
},
{
"cve": "CVE-2024-35939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35939",
"url": "https://www.suse.com/security/cve/CVE-2024-35939"
},
{
"category": "external",
"summary": "SUSE Bug 1224535 for CVE-2024-35939",
"url": "https://bugzilla.suse.com/1224535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-35939"
},
{
"cve": "CVE-2024-35949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn\u0027t set on the leaf, and then the\nextended leaf checks don\u0027t get run which we rely on to validate all of\nthe item pointers to make sure we don\u0027t access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking. This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. The example is a dir\nitem at the end of an eb.\n\n [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n [2.621] Call Trace:\n [2.621] \u003cTASK\u003e\n [2.621] ? show_regs+0x74/0x80\n [2.621] ? die_addr+0x46/0xc0\n [2.621] ? exc_general_protection+0x161/0x2a0\n [2.621] ? asm_exc_general_protection+0x26/0x30\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? btrfs_get_16+0x34b/0x6d0\n [2.621] ? btrfs_get_16+0x33a/0x6d0\n [2.621] ? __pfx_btrfs_get_16+0x10/0x10\n [2.621] ? __pfx_mutex_unlock+0x10/0x10\n [2.621] btrfs_match_dir_item_name+0x101/0x1a0\n [2.621] btrfs_lookup_dir_item+0x1f3/0x280\n [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n [2.621] btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35949",
"url": "https://www.suse.com/security/cve/CVE-2024-35949"
},
{
"category": "external",
"summary": "SUSE Bug 1224700 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1224700"
},
{
"category": "external",
"summary": "SUSE Bug 1229273 for CVE-2024-35949",
"url": "https://bugzilla.suse.com/1229273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-35949"
},
{
"cve": "CVE-2024-36270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36270",
"url": "https://www.suse.com/security/cve/CVE-2024-36270"
},
{
"category": "external",
"summary": "SUSE Bug 1226798 for CVE-2024-36270",
"url": "https://bugzilla.suse.com/1226798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36270"
},
{
"cve": "CVE-2024-36286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36286",
"url": "https://www.suse.com/security/cve/CVE-2024-36286"
},
{
"category": "external",
"summary": "SUSE Bug 1226801 for CVE-2024-36286",
"url": "https://bugzilla.suse.com/1226801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token-\u003epages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36288",
"url": "https://www.suse.com/security/cve/CVE-2024-36288"
},
{
"category": "external",
"summary": "SUSE Bug 1226834 for CVE-2024-36288",
"url": "https://bugzilla.suse.com/1226834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-36489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx-\u003esk_proto = READ_ONCE(sk-\u003esk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk-\u003esk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk-\u003esk_prot)-\u003esetsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx-\u003esk_proto-\u003esetsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx-\u003esk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx-\u003esk_proto is\ninitialized, we can ensure that ctx-\u003esk_proto are visible when\nchanging sk-\u003esk_prot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36489",
"url": "https://www.suse.com/security/cve/CVE-2024-36489"
},
{
"category": "external",
"summary": "SUSE Bug 1226874 for CVE-2024-36489",
"url": "https://bugzilla.suse.com/1226874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36489"
},
{
"cve": "CVE-2024-36881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we\u0027ll do sanity check on\nuffd-wp bits without vma context. So it\u0027s better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36881",
"url": "https://www.suse.com/security/cve/CVE-2024-36881"
},
{
"category": "external",
"summary": "SUSE Bug 1225718 for CVE-2024-36881",
"url": "https://bugzilla.suse.com/1225718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36881"
},
{
"cve": "CVE-2024-36907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36907"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36907",
"url": "https://www.suse.com/security/cve/CVE-2024-36907"
},
{
"category": "external",
"summary": "SUSE Bug 1225751 for CVE-2024-36907",
"url": "https://bugzilla.suse.com/1225751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36907"
},
{
"cve": "CVE-2024-36929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36929",
"url": "https://www.suse.com/security/cve/CVE-2024-36929"
},
{
"category": "external",
"summary": "SUSE Bug 1225814 for CVE-2024-36929",
"url": "https://bugzilla.suse.com/1225814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36933"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36933",
"url": "https://www.suse.com/security/cve/CVE-2024-36933"
},
{
"category": "external",
"summary": "SUSE Bug 1225832 for CVE-2024-36933",
"url": "https://bugzilla.suse.com/1225832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36933"
},
{
"cve": "CVE-2024-36939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36939",
"url": "https://www.suse.com/security/cve/CVE-2024-36939"
},
{
"category": "external",
"summary": "SUSE Bug 1225838 for CVE-2024-36939",
"url": "https://bugzilla.suse.com/1225838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary \"load_module\" var and now-wrong comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36970",
"url": "https://www.suse.com/security/cve/CVE-2024-36970"
},
{
"category": "external",
"summary": "SUSE Bug 1226127 for CVE-2024-36970",
"url": "https://bugzilla.suse.com/1226127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-36970"
},
{
"cve": "CVE-2024-36979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix vlan use-after-free\n\nsyzbot reported a suspicious rcu usage[1] in bridge\u0027s mst code. While\nfixing it I noticed that nothing prevents a vlan to be freed while\nwalking the list from the same path (br forward delay timer). Fix the rcu\nusage and also make sure we are not accessing freed memory by making\nbr_mst_vlan_set_state use rcu read lock.\n\n[1]\n WARNING: suspicious RCU usage\n 6.9.0-rc6-syzkaller #0 Not tainted\n -----------------------------\n net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!\n ...\n stack backtrace:\n CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n Call Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n nbp_vlan_group net/bridge/br_private.h:1599 [inline]\n br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105\n br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47\n br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88\n call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429\n run_timer_base kernel/time/timer.c:2438 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448\n __do_softirq+0x2c6/0x980 kernel/softirq.c:554\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:645\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758\n Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 \u003c4b\u003e c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25\n RSP: 0018:ffffc90013657100 EFLAGS: 00000206\n RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001\n RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60\n RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0\n R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28\n R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36979",
"url": "https://www.suse.com/security/cve/CVE-2024-36979"
},
{
"category": "external",
"summary": "SUSE Bug 1226604 for CVE-2024-36979",
"url": "https://bugzilla.suse.com/1226604"
},
{
"category": "external",
"summary": "SUSE Bug 1227369 for CVE-2024-36979",
"url": "https://bugzilla.suse.com/1227369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-36979"
},
{
"cve": "CVE-2024-38563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix potential memory leakage when reading chip temperature\n\nWithout this commit, reading chip temperature will cause memory leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38563",
"url": "https://www.suse.com/security/cve/CVE-2024-38563"
},
{
"category": "external",
"summary": "SUSE Bug 1226743 for CVE-2024-38563",
"url": "https://bugzilla.suse.com/1226743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-38563"
},
{
"cve": "CVE-2024-38609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: check for null before dereferencing\n\nThe wcid can be NULL. It should be checked for validity before\ndereferencing it to avoid crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38609",
"url": "https://www.suse.com/security/cve/CVE-2024-38609"
},
{
"category": "external",
"summary": "SUSE Bug 1226751 for CVE-2024-38609",
"url": "https://bugzilla.suse.com/1226751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-38609"
},
{
"cve": "CVE-2024-38662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don\u0027t intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38662",
"url": "https://www.suse.com/security/cve/CVE-2024-38662"
},
{
"category": "external",
"summary": "SUSE Bug 1226885 for CVE-2024-38662",
"url": "https://bugzilla.suse.com/1226885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-39476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can\u0027t issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold \u0027reconfig_mutex\u0027 to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold \u0027reconfig_mutex\u0027, and md_check_recovery() can\u0027t update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n\u0027reconfig_mutex\u0027 is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when \u0027reconfig_mutex\u0027\nis released. Meanwhile, the hang problem will be fixed as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39476",
"url": "https://www.suse.com/security/cve/CVE-2024-39476"
},
{
"category": "external",
"summary": "SUSE Bug 1227437 for CVE-2024-39476",
"url": "https://bugzilla.suse.com/1227437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39476"
},
{
"cve": "CVE-2024-39483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI. KVM\u0027s ABI for NMIs that arrive simultanesouly (from KVM\u0027s point of\nview) is to inject one NMI and pend the other. When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can\u0027t immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM\u0027s behavior is to provide functionality that is as close to real\nhardware as possible. E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow. For GIF=0, the argument isn\u0027t\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled. And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\"). I.e. KVM\u0027s GIF=0 handling shouldn\u0027t be\nmodified without a *really* good reason to do so, and if KVM\u0027s behavior\nwere to be modified, it should be done irrespective of vNMI support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39483",
"url": "https://www.suse.com/security/cve/CVE-2024-39483"
},
{
"category": "external",
"summary": "SUSE Bug 1227494 for CVE-2024-39483",
"url": "https://bugzilla.suse.com/1227494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39483"
},
{
"cve": "CVE-2024-39484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don\u0027t strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) -\u003e\ndavinci_mmcsd_remove (section: .exit.text)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39484",
"url": "https://www.suse.com/security/cve/CVE-2024-39484"
},
{
"category": "external",
"summary": "SUSE Bug 1227493 for CVE-2024-39484",
"url": "https://bugzilla.suse.com/1227493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39484"
},
{
"cve": "CVE-2024-39486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39486"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\u003cmaarten.lankhorst@linux.intel.com\u003e, Maxime Ripard\n\u003cmripard@kernel.org\u003e, Thomas Zimmermann \u003ctzimmermann@suse.de\u003e\n\nfilp-\u003epid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp-\u003epid and dropping the\ndev-\u003efilelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(\u0026dev-\u003efilelist_mutex)\n rcu_replace_pointer(filp-\u003epid, \u003cpid B\u003e, 1)\n mutex_unlock(\u0026dev-\u003efilelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(\u0026dev-\u003efilelist_mutex)\nrcu_replace_pointer(filp-\u003epid, \u003cpid A\u003e, 1)\nmutex_unlock(\u0026dev-\u003efilelist_mutex)\nget_pid(\u003cpid A\u003e)\nsynchronize_rcu()\nput_pid(\u003cpid B\u003e) *** pid B reaches refcount 0 and is freed here ***\n get_pid(\u003cpid B\u003e) *** UAF ***\n synchronize_rcu()\n put_pid(\u003cpid A\u003e)\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task\u0027s pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39486",
"url": "https://www.suse.com/security/cve/CVE-2024-39486"
},
{
"category": "external",
"summary": "SUSE Bug 1227492 for CVE-2024-39486",
"url": "https://bugzilla.suse.com/1227492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39486"
},
{
"cve": "CVE-2024-39488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes\nto bug_table entries, and as a result the last entry in a bug table will\nbe ignored, potentially leading to an unexpected panic(). All prior\nentries in the table will be handled correctly.\n\nThe arm64 ABI requires that struct fields of up to 8 bytes are\nnaturally-aligned, with padding added within a struct such that struct\nare suitably aligned within arrays.\n\nWhen CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tsigned int file_disp;\t// 4 bytes\n\t\tunsigned short line;\t\t// 2 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t}\n\n... with 12 bytes total, requiring 4-byte alignment.\n\nWhen CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:\n\n\tstruct bug_entry {\n\t\tsigned int bug_addr_disp;\t// 4 bytes\n\t\tunsigned short flags;\t\t// 2 bytes\n\t\t\u003c implicit padding \u003e\t\t// 2 bytes\n\t}\n\n... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing\npadding, requiring 4-byte alginment.\n\nWhen we create a bug_entry in assembly, we align the start of the entry\nto 4 bytes, which implicitly handles padding for any prior entries.\nHowever, we do not align the end of the entry, and so when\nCONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding\nbytes.\n\nFor the main kernel image this is not a problem as find_bug() doesn\u0027t\ndepend on the trailing padding bytes when searching for entries:\n\n\tfor (bug = __start___bug_table; bug \u003c __stop___bug_table; ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\treturn bug;\n\nHowever for modules, module_bug_finalize() depends on the trailing\nbytes when calculating the number of entries:\n\n\tmod-\u003enum_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);\n\n... and as the last bug_entry lacks the necessary padding bytes, this entry\nwill not be counted, e.g. in the case of a single entry:\n\n\tsechdrs[i].sh_size == 6\n\tsizeof(struct bug_entry) == 8;\n\n\tsechdrs[i].sh_size / sizeof(struct bug_entry) == 0;\n\nConsequently module_find_bug() will miss the last bug_entry when it does:\n\n\tfor (i = 0; i \u003c mod-\u003enum_bugs; ++i, ++bug)\n\t\tif (bugaddr == bug_addr(bug))\n\t\t\tgoto out;\n\n... which can lead to a kenrel panic due to an unhandled bug.\n\nThis can be demonstrated with the following module:\n\n\tstatic int __init buginit(void)\n\t{\n\t\tWARN(1, \"hello\\n\");\n\t\treturn 0;\n\t}\n\n\tstatic void __exit bugexit(void)\n\t{\n\t}\n\n\tmodule_init(buginit);\n\tmodule_exit(bugexit);\n\tMODULE_LICENSE(\"GPL\");\n\n... which will trigger a kernel panic when loaded:\n\n\t------------[ cut here ]------------\n\thello\n\tUnexpected kernel BRK exception at EL1\n\tInternal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP\n\tModules linked in: hello(O+)\n\tCPU: 0 PID: 50 Comm: insmod Tainted: G O 6.9.1 #8\n\tHardware name: linux,dummy-virt (DT)\n\tpstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\tpc : buginit+0x18/0x1000 [hello]\n\tlr : buginit+0x18/0x1000 [hello]\n\tsp : ffff800080533ae0\n\tx29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000\n\tx26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58\n\tx23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0\n\tx20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006\n\tx17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720\n\tx14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312\n\tx11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8\n\tx8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000\n\tx5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000\n\tx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0\n\tCall trace:\n\t buginit+0x18/0x1000 [hello]\n\t do_one_initcall+0x80/0x1c8\n\t do_init_module+0x60/0x218\n\t load_module+0x1ba4/0x1d70\n\t __do_sys_init_module+0x198/0x1d0\n\t __arm64_sys_init_module+0x1c/0x28\n\t invoke_syscall+0x48/0x114\n\t el0_svc\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39488",
"url": "https://www.suse.com/security/cve/CVE-2024-39488"
},
{
"category": "external",
"summary": "SUSE Bug 1227618 for CVE-2024-39488",
"url": "https://bugzilla.suse.com/1227618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39488"
},
{
"cve": "CVE-2024-39489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it\u0027s going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39489",
"url": "https://www.suse.com/security/cve/CVE-2024-39489"
},
{
"category": "external",
"summary": "SUSE Bug 1227623 for CVE-2024-39489",
"url": "https://bugzilla.suse.com/1227623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-39491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l56: Fix lifetime of cs_dsp instance\n\nThe cs_dsp instance is initialized in the driver probe() so it\nshould be freed in the driver remove(). Also fix a missing call\nto cs_dsp_remove() in the error path of cs35l56_hda_common_probe().\n\nThe call to cs_dsp_remove() was being done in the component unbind\ncallback cs35l56_hda_unbind(). This meant that if the driver was\nunbound and then re-bound it would be using an uninitialized cs_dsp\ninstance.\n\nIt is best to initialize the cs_dsp instance in probe() so that it\ncan return an error if it fails. The component binding API doesn\u0027t\nhave any error handling so there\u0027s no way to handle a failure if\ncs_dsp was initialized in the bind.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39491",
"url": "https://www.suse.com/security/cve/CVE-2024-39491"
},
{
"category": "external",
"summary": "SUSE Bug 1227627 for CVE-2024-39491",
"url": "https://bugzilla.suse.com/1227627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39491"
},
{
"cve": "CVE-2024-39493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39493",
"url": "https://www.suse.com/security/cve/CVE-2024-39493"
},
{
"category": "external",
"summary": "SUSE Bug 1227620 for CVE-2024-39493",
"url": "https://bugzilla.suse.com/1227620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39493"
},
{
"cve": "CVE-2024-39497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags \u0026 VM_PFNMAP) \u0026\u0026 is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39497",
"url": "https://www.suse.com/security/cve/CVE-2024-39497"
},
{
"category": "external",
"summary": "SUSE Bug 1227722 for CVE-2024-39497",
"url": "https://bugzilla.suse.com/1227722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39497"
},
{
"cve": "CVE-2024-39499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg-\u003eevent_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39499",
"url": "https://www.suse.com/security/cve/CVE-2024-39499"
},
{
"category": "external",
"summary": "SUSE Bug 1227725 for CVE-2024-39499",
"url": "https://bugzilla.suse.com/1227725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39499"
},
{
"cve": "CVE-2024-39500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: avoid race between sock_map_close and sk_psock_put\n\nsk_psock_get will return NULL if the refcount of psock has gone to 0, which\nwill happen when the last call of sk_psock_put is done. However,\nsk_psock_drop may not have finished yet, so the close callback will still\npoint to sock_map_close despite psock being NULL.\n\nThis can be reproduced with a thread deleting an element from the sock map,\nwhile the second one creates a socket, adds it to the map and closes it.\n\nThat will trigger the WARN_ON_ONCE:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nModules linked in:\nCPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701\nCode: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 \u003c0f\u003e 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02\nRSP: 0018:ffffc9000441fda8 EFLAGS: 00010293\nRAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000\nRDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0\nRBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3\nR10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840\nR13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870\nFS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n unix_release+0x87/0xc0 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbe/0x240 net/socket.c:1421\n __fput+0x42b/0x8a0 fs/file_table.c:422\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close fs/open.c:1541 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1541\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fb37d618070\nCode: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c\nRSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070\nRDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nUse sk_psock, which will only check that the pointer is not been set to\nNULL yet, which should only happen after the callbacks are restored. If,\nthen, a reference can still be gotten, we may call sk_psock_stop and cancel\npsock-\u003ework.\n\nAs suggested by Paolo Abeni, reorder the condition so the control flow is\nless convoluted.\n\nAfter that change, the reproducer does not trigger the WARN_ON_ONCE\nanymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39500",
"url": "https://www.suse.com/security/cve/CVE-2024-39500"
},
{
"category": "external",
"summary": "SUSE Bug 1227724 for CVE-2024-39500",
"url": "https://bugzilla.suse.com/1227724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39500"
},
{
"cve": "CVE-2024-39501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39501"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39501",
"url": "https://www.suse.com/security/cve/CVE-2024-39501"
},
{
"category": "external",
"summary": "SUSE Bug 1227754 for CVE-2024-39501",
"url": "https://bugzilla.suse.com/1227754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39501"
},
{
"cve": "CVE-2024-39505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39505"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39505",
"url": "https://www.suse.com/security/cve/CVE-2024-39505"
},
{
"category": "external",
"summary": "SUSE Bug 1227728 for CVE-2024-39505",
"url": "https://bugzilla.suse.com/1227728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39505"
},
{
"cve": "CVE-2024-39506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39506"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nliquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet\n\nIn lio_vf_rep_copy_packet() pg_info-\u003epage is compared to a NULL value,\nbut then it is unconditionally passed to skb_add_rx_frag() which looks\nstrange and could lead to null pointer dereference.\n\nlio_vf_rep_copy_packet() call trace looks like:\n\tocteon_droq_process_packets\n\t octeon_droq_fast_process_packets\n\t octeon_droq_dispatch_pkt\n\t octeon_create_recv_info\n\t ...search in the dispatch_list...\n\t -\u003edisp_fn(rdisp-\u003erinfo, ...)\n\t lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)\nIn this path there is no code which sets pg_info-\u003epage to NULL.\nSo this check looks unneeded and doesn\u0027t solve potential problem.\nBut I guess the author had reason to add a check and I have no such card\nand can\u0027t do real test.\nIn addition, the code in the function liquidio_push_packet() in\nliquidio/lio_core.c does exactly the same.\n\nBased on this, I consider the most acceptable compromise solution to\nadjust this issue by moving skb_add_rx_frag() into conditional scope.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39506",
"url": "https://www.suse.com/security/cve/CVE-2024-39506"
},
{
"category": "external",
"summary": "SUSE Bug 1227729 for CVE-2024-39506",
"url": "https://bugzilla.suse.com/1227729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39506"
},
{
"cve": "CVE-2024-39508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags\n\nUtilize set_bit() and test_bit() on worker-\u003eflags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker-\u003eflags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\u003csnip\u003e\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\u003csnip\u003e\n\nLine numbers against commit 18daea77cca6 (\"Merge tag \u0027for-linus\u0027 of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39508",
"url": "https://www.suse.com/security/cve/CVE-2024-39508"
},
{
"category": "external",
"summary": "SUSE Bug 1227732 for CVE-2024-39508",
"url": "https://bugzilla.suse.com/1227732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39508"
},
{
"cve": "CVE-2024-39509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39509"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: remove unnecessary WARN_ON() in implement()\n\nSyzkaller hit a warning [1] in a call to implement() when trying\nto write a value into a field of smaller size in an output report.\n\nSince implement() already has a warn message printed out with the\nhelp of hid_warn() and value in question gets trimmed with:\n\t...\n\tvalue \u0026= m;\n\t...\nWARN_ON may be considered superfluous. Remove it to suppress future\nsyzkaller triggers.\n\n[1]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\nModules linked in:\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\n...\nCall Trace:\n \u003cTASK\u003e\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39509",
"url": "https://www.suse.com/security/cve/CVE-2024-39509"
},
{
"category": "external",
"summary": "SUSE Bug 1227733 for CVE-2024-39509",
"url": "https://bugzilla.suse.com/1227733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-39510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60\nRead of size 8 at addr ffff888122e84088 by task ondemand-04-dae/963\n\nCPU: 13 PID: 963 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #564\nCall Trace:\n kasan_report+0x93/0xc0\n cachefiles_ondemand_daemon_read+0xb41/0xb60\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 116:\n kmem_cache_alloc+0x140/0x3a0\n cachefiles_lookup_cookie+0x140/0xcd0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 792:\n kmem_cache_free+0xfe/0x390\n cachefiles_put_object+0x241/0x480\n fscache_cookie_state_machine+0x5c8/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\ncachefiles_withdraw_cookie\n cachefiles_ondemand_clean_object(object)\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n msg-\u003eobject_id = req-\u003eobject-\u003eondemand-\u003eondemand_id\n ------ restore ------\n cachefiles_ondemand_restore\n xas_for_each(\u0026xas, req, ULONG_MAX)\n xas_set_mark(\u0026xas, CACHEFILES_REQ_NEW)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n copy_to_user(_buffer, msg, n)\n xa_erase(\u0026cache-\u003ereqs, id)\n complete(\u0026REQ_A-\u003edone)\n ------ close(fd) ------\n cachefiles_ondemand_fd_release\n cachefiles_put_object\n cachefiles_put_object\n kmem_cache_free(cachefiles_object_jar, object)\n REQ_A-\u003eobject-\u003eondemand-\u003eondemand_id\n // object UAF !!!\n\nWhen we see the request within xa_lock, req-\u003eobject must not have been\nfreed yet, so grab the reference count of object before xa_unlock to\navoid the above issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39510",
"url": "https://www.suse.com/security/cve/CVE-2024-39510"
},
{
"category": "external",
"summary": "SUSE Bug 1227734 for CVE-2024-39510",
"url": "https://bugzilla.suse.com/1227734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-39510"
},
{
"cve": "CVE-2024-40899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40899"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()\n\nWe got the following issue in a fuzz test of randomly issuing the restore\ncommand:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0\nWrite of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962\n\nCPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542\nCall Trace:\n kasan_report+0x94/0xc0\n cachefiles_ondemand_daemon_read+0x609/0xab0\n vfs_read+0x169/0xb50\n ksys_read+0xf5/0x1e0\n\nAllocated by task 626:\n __kmalloc+0x1df/0x4b0\n cachefiles_ondemand_send_req+0x24d/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n\nFreed by task 626:\n kfree+0xf1/0x2c0\n cachefiles_ondemand_send_req+0x568/0x690\n cachefiles_create_tmpfile+0x249/0xb30\n cachefiles_create_file+0x6f/0x140\n cachefiles_look_up_object+0x29c/0xa60\n cachefiles_lookup_cookie+0x37d/0xca0\n fscache_cookie_state_machine+0x43c/0x1230\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n cachefiles_ondemand_get_fd\n copy_to_user(_buffer, msg, n)\n process_open_req(REQ_A)\n ------ restore ------\n cachefiles_ondemand_restore\n xas_for_each(\u0026xas, req, ULONG_MAX)\n xas_set_mark(\u0026xas, CACHEFILES_REQ_NEW);\n\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n REQ_A = cachefiles_ondemand_select_req\n\n write(devfd, (\"copen %u,%llu\", msg-\u003emsg_id, size));\n cachefiles_ondemand_copen\n xa_erase(\u0026cache-\u003ereqs, id)\n complete(\u0026REQ_A-\u003edone)\n kfree(REQ_A)\n cachefiles_ondemand_get_fd(REQ_A)\n fd = get_unused_fd_flags\n file = anon_inode_getfile\n fd_install(fd, file)\n load = (void *)REQ_A-\u003emsg.data;\n load-\u003efd = fd;\n // load UAF !!!\n\nThis issue is caused by issuing a restore command when the daemon is still\nalive, which results in a request being processed multiple times thus\ntriggering a UAF. So to avoid this problem, add an additional reference\ncount to cachefiles_req, which is held while waiting and reading, and then\nreleased when the waiting and reading is over.\n\nNote that since there is only one reference count for waiting, we need to\navoid the same request being completed multiple times, so we can only\ncomplete the request if it is successfully removed from the xarray.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40899",
"url": "https://www.suse.com/security/cve/CVE-2024-40899"
},
{
"category": "external",
"summary": "SUSE Bug 1227758 for CVE-2024-40899",
"url": "https://bugzilla.suse.com/1227758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40899"
},
{
"cve": "CVE-2024-40900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n mount | daemon_thread1 | daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n cachefiles_ondemand_send_req\n REQ_A = kzalloc(sizeof(*req) + data_len)\n wait_for_completion(\u0026REQ_A-\u003edone)\n cachefiles_daemon_read\n cachefiles_ondemand_daemon_read\n // close dev fd\n cachefiles_flush_reqs\n complete(\u0026REQ_A-\u003edone)\n kfree(REQ_A)\n xa_lock(\u0026cache-\u003ereqs);\n cachefiles_ondemand_select_req\n req-\u003emsg.opcode != CACHEFILES_OP_READ\n // req use-after-free !!!\n xa_unlock(\u0026cache-\u003ereqs);\n xa_destroy(\u0026cache-\u003ereqs)\n\nHence remove requests from cache-\u003ereqs when flushing them to avoid\naccessing freed requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40900",
"url": "https://www.suse.com/security/cve/CVE-2024-40900"
},
{
"category": "external",
"summary": "SUSE Bug 1227760 for CVE-2024-40900",
"url": "https://bugzilla.suse.com/1227760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40900"
},
{
"cve": "CVE-2024-40902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging. But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40902",
"url": "https://www.suse.com/security/cve/CVE-2024-40902"
},
{
"category": "external",
"summary": "SUSE Bug 1227764 for CVE-2024-40902",
"url": "https://bugzilla.suse.com/1227764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40902"
},
{
"cve": "CVE-2024-40903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40903"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port-\u003epartner_source_caps to hold on to the now freed source\ncaps.\n\nReset port-\u003epartner_source_caps value to NULL after unregistering\nexisting source caps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40903",
"url": "https://www.suse.com/security/cve/CVE-2024-40903"
},
{
"category": "external",
"summary": "SUSE Bug 1227766 for CVE-2024-40903",
"url": "https://bugzilla.suse.com/1227766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40903"
},
{
"cve": "CVE-2024-40904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver\u0027s immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#2: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#3: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#4: 98% system,\t 0% softirq,\t 3% hardirq,\t 0% idle\n\t#5: 98% system,\t 1% softirq,\t 3% hardirq,\t 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [\u003cffff80008037bc00\u003e] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [\u003cffff8000801ea530\u003e] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [\u003cffff800080020de8\u003e] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40904",
"url": "https://www.suse.com/security/cve/CVE-2024-40904"
},
{
"category": "external",
"summary": "SUSE Bug 1227772 for CVE-2024-40904",
"url": "https://bugzilla.suse.com/1227772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40904"
},
{
"cve": "CVE-2024-40905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 \u003c80\u003e 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n call_netdevice_notifiers net/core/dev.c:2044 [inline]\n dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n unregister_netdevice_many net/core/dev.c:11276 [inline]\n default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40905",
"url": "https://www.suse.com/security/cve/CVE-2024-40905"
},
{
"category": "external",
"summary": "SUSE Bug 1227761 for CVE-2024-40905",
"url": "https://bugzilla.suse.com/1227761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a potential use-after-free in bpf_link_free()\n\nAfter commit 1a80dbcb2dba, bpf_link can be freed by\nlink-\u003eops-\u003edealloc_deferred, but the code still tests and uses\nlink-\u003eops-\u003edealloc afterward, which leads to a use-after-free as\nreported by syzbot. Actually, one of them should be sufficient, so\njust call one of them instead of both. Also add a WARN_ON() in case\nof any problematic implementation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40909",
"url": "https://www.suse.com/security/cve/CVE-2024-40909"
},
{
"category": "external",
"summary": "SUSE Bug 1227798 for CVE-2024-40909",
"url": "https://bugzilla.suse.com/1227798"
},
{
"category": "external",
"summary": "SUSE Bug 1228349 for CVE-2024-40909",
"url": "https://bugzilla.suse.com/1228349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40909"
},
{
"cve": "CVE-2024-40910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount imbalance on inbound connections\n\nWhen releasing a socket in ax25_release(), we call netdev_put() to\ndecrease the refcount on the associated ax.25 device. However, the\nexecution path for accepting an incoming connection never calls\nnetdev_hold(). This imbalance leads to refcount errors, and ultimately\nto kernel crashes.\n\nA typical call trace for the above situation will start with one of the\nfollowing errors:\n\n refcount_t: decrement hit 0; leaking memory.\n refcount_t: underflow; use-after-free.\n\nAnd will then have a trace like:\n\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x64/0x70\n ? __warn+0x83/0x120\n ? refcount_warn_saturate+0xb2/0x100\n ? report_bug+0x158/0x190\n ? prb_read_valid+0x20/0x30\n ? handle_bug+0x3e/0x70\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? refcount_warn_saturate+0xb2/0x100\n ? refcount_warn_saturate+0xb2/0x100\n ax25_release+0x2ad/0x360\n __sock_release+0x35/0xa0\n sock_close+0x19/0x20\n [...]\n\nOn reboot (or any attempt to remove the interface), the kernel gets\nstuck in an infinite loop:\n\n unregister_netdevice: waiting for ax0 to become free. Usage count = 0\n\nThis patch corrects these issues by ensuring that we call netdev_hold()\nand ax25_dev_hold() for new connections in ax25_accept(). This makes the\nlogic leading to ax25_accept() match the logic for ax25_bind(): in both\ncases we increment the refcount, which is ultimately decremented in\nax25_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40910",
"url": "https://www.suse.com/security/cve/CVE-2024-40910"
},
{
"category": "external",
"summary": "SUSE Bug 1227832 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227832"
},
{
"category": "external",
"summary": "SUSE Bug 1227902 for CVE-2024-40910",
"url": "https://bugzilla.suse.com/1227902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40910"
},
{
"cve": "CVE-2024-40911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Lock wiphy in cfg80211_get_station\n\nWiphy should be locked before calling rdev_get_station() (see lockdep\nassert in ieee80211_get_station()).\n\nThis fixes the following kernel NULL dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000003001000\n [0000000000000050] pgd=0800000002dca003, p4d=0800000002dca003, pud=08000000028e9003, pmd=0000000000000000\n Internal error: Oops: 0000000096000006 [#1] SMP\n Modules linked in: netconsole dwc3_meson_g12a dwc3_of_simple dwc3 ip_gre gre ath10k_pci ath10k_core ath9k ath9k_common ath9k_hw ath\n CPU: 0 PID: 1091 Comm: kworker/u8:0 Not tainted 6.4.0-02144-g565f9a3a7911-dirty #705\n Hardware name: RPT (r1) (DT)\n Workqueue: bat_events batadv_v_elp_throughput_metric_update\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n lr : sta_set_sinfo+0xcc/0xbd4\n sp : ffff000007b43ad0\n x29: ffff000007b43ad0 x28: ffff0000071fa900 x27: ffff00000294ca98\n x26: ffff000006830880 x25: ffff000006830880 x24: ffff00000294c000\n x23: 0000000000000001 x22: ffff000007b43c90 x21: ffff800008898acc\n x20: ffff00000294c6e8 x19: ffff000007b43c90 x18: 0000000000000000\n x17: 445946354d552d78 x16: 62661f7200000000 x15: 57464f445946354d\n x14: 0000000000000000 x13: 00000000000000e3 x12: d5f0acbcebea978e\n x11: 00000000000000e3 x10: 000000010048fe41 x9 : 0000000000000000\n x8 : ffff000007b43d90 x7 : 000000007a1e2125 x6 : 0000000000000000\n x5 : ffff0000024e0900 x4 : ffff800000a0250c x3 : ffff000007b43c90\n x2 : ffff00000294ca98 x1 : ffff000006831920 x0 : 0000000000000000\n Call trace:\n ath10k_sta_statistics+0x10/0x2dc [ath10k_core]\n sta_set_sinfo+0xcc/0xbd4\n ieee80211_get_station+0x2c/0x44\n cfg80211_get_station+0x80/0x154\n batadv_v_elp_get_throughput+0x138/0x1fc\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x1ec/0x414\n worker_thread+0x70/0x46c\n kthread+0xdc/0xe0\n ret_from_fork+0x10/0x20\n Code: a9bb7bfd 910003fd a90153f3 f9411c40 (f9402814)\n\nThis happens because STA has time to disconnect and reconnect before\nbatadv_v_elp_throughput_metric_update() delayed work gets scheduled. In\nthis situation, ath10k_sta_state() can be in the middle of resetting\narsta data when the work queue get chance to be scheduled and ends up\naccessing it. Locking wiphy prevents that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40911",
"url": "https://www.suse.com/security/cve/CVE-2024-40911"
},
{
"category": "external",
"summary": "SUSE Bug 1227792 for CVE-2024-40911",
"url": "https://bugzilla.suse.com/1227792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40911"
},
{
"cve": "CVE-2024-40912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta-\u003eps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta-\u003eps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40912",
"url": "https://www.suse.com/security/cve/CVE-2024-40912"
},
{
"category": "external",
"summary": "SUSE Bug 1227790 for CVE-2024-40912",
"url": "https://bugzilla.suse.com/1227790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: defer exposing anon_fd until after copy_to_user() succeeds\n\nAfter installing the anonymous fd, we can now see it in userland and close\nit. However, at this point we may not have gotten the reference count of\nthe cache, but we will put it during colse fd, so this may cause a cache\nUAF.\n\nSo grab the cache reference count before fd_install(). In addition, by\nkernel convention, fd is taken over by the user land after fd_install(),\nand the kernel should not call close_fd() after that, i.e., it should call\nfd_install() after everything is ready, thus fd_install() is called after\ncopy_to_user() succeeds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40913",
"url": "https://www.suse.com/security/cve/CVE-2024-40913"
},
{
"category": "external",
"summary": "SUSE Bug 1227839 for CVE-2024-40913",
"url": "https://bugzilla.suse.com/1227839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40913"
},
{
"cve": "CVE-2024-40916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found\n\nWhen reading EDID fails and driver reports no modes available, the DRM\ncore adds an artificial 1024x786 mode to the connector. Unfortunately\nsome variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not\nable to drive such mode, so report a safe 640x480 mode instead of nothing\nin case of the EDID reading failure.\n\nThis fixes the following issue observed on Trats2 board since commit\n13d5b040363c (\"drm/exynos: do not return negative values from .get_modes()\"):\n\n[drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations\nexynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops)\nexynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops)\nexynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b)\nexynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops)\nexynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops)\n[drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1\nexynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state\npanel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c\nexynos-mixer 12c10000.mixer: timeout waiting for VSYNC\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n[CRTC:70:crtc-1] vblank wait timed out\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913\nHardware name: Samsung Exynos (Flattened Device Tree)\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x68/0x88\n dump_stack_lvl from __warn+0x7c/0x1c4\n __warn from warn_slowpath_fmt+0x11c/0x1a8\n warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8\n drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c\n drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184\n commit_tail from drm_atomic_helper_commit+0x168/0x190\n drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0\n drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c\n drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc\n drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40\n drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4\n __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c\n drm_fb_helper_set_par from fbcon_init+0x3d8/0x550\n fbcon_init from visual_init+0xc0/0x108\n visual_init from do_bind_con_driver+0x1b8/0x3a4\n do_bind_con_driver from do_take_over_console+0x140/0x1ec\n do_take_over_console from do_fbcon_takeover+0x70/0xd0\n do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac\n fbcon_fb_registered from register_framebuffer+0x190/0x21c\n register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574\n __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0\n exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94\n drm_client_register from exynos_drm_bind+0x160/0x190\n exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8\n try_to_bring_up_aggregate_device from __component_add+0xb0/0x170\n __component_add from mixer_probe+0x74/0xcc\n mixer_probe from platform_probe+0x5c/0xb8\n platform_probe from really_probe+0xe0/0x3d8\n really_probe from __driver_probe_device+0x9c/0x1e4\n __driver_probe_device from driver_probe_device+0x30/0xc0\n driver_probe_device from __device_attach_driver+0xa8/0x120\n __device_attach_driver from bus_for_each_drv+0x80/0xcc\n bus_for_each_drv from __device_attach+0xac/0x1fc\n __device_attach from bus_probe_device+0x8c/0x90\n bus_probe_device from deferred_probe_work_func+0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40916",
"url": "https://www.suse.com/security/cve/CVE-2024-40916"
},
{
"category": "external",
"summary": "SUSE Bug 1227846 for CVE-2024-40916",
"url": "https://bugzilla.suse.com/1227846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40916"
},
{
"cve": "CVE-2024-40920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40920",
"url": "https://www.suse.com/security/cve/CVE-2024-40920"
},
{
"category": "external",
"summary": "SUSE Bug 1227781 for CVE-2024-40920",
"url": "https://bugzilla.suse.com/1227781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40920"
},
{
"cve": "CVE-2024-40921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40921",
"url": "https://www.suse.com/security/cve/CVE-2024-40921"
},
{
"category": "external",
"summary": "SUSE Bug 1227784 for CVE-2024-40921",
"url": "https://bugzilla.suse.com/1227784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40921"
},
{
"cve": "CVE-2024-40922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: don\u0027t lock while !TASK_RUNNING\n\nThere is a report of io_rsrc_ref_quiesce() locking a mutex while not\nTASK_RUNNING, which is due to forgetting restoring the state back after\nio_run_task_work_sig() and attempts to break out of the waiting loop.\n\ndo not call blocking ops when !TASK_RUNNING; state=1 set at\n[\u003cffffffff815d2494\u003e] prepare_to_wait+0xa4/0x380\nkernel/sched/wait.c:237\nWARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099\n__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nRIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nCall Trace:\n \u003cTASK\u003e\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752\n io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253\n io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799\n __io_uring_register io_uring/register.c:424 [inline]\n __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40922",
"url": "https://www.suse.com/security/cve/CVE-2024-40922"
},
{
"category": "external",
"summary": "SUSE Bug 1227785 for CVE-2024-40922",
"url": "https://bugzilla.suse.com/1227785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-40922"
},
{
"cve": "CVE-2024-40924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dpt: Make DPT object unshrinkable\n\nIn some scenarios, the DPT object gets shrunk but\nthe actual framebuffer did not and thus its still\nthere on the DPT\u0027s vm-\u003ebound_list. Then it tries to\nrewrite the PTEs via a stale CPU mapping. This causes panic.\n\n[vsyrjala: Add TODO comment]\n(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40924",
"url": "https://www.suse.com/security/cve/CVE-2024-40924"
},
{
"category": "external",
"summary": "SUSE Bug 1227787 for CVE-2024-40924",
"url": "https://bugzilla.suse.com/1227787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40924"
},
{
"cve": "CVE-2024-40926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: don\u0027t attempt to schedule hpd_work on headless cards\n\nIf the card doesn\u0027t have display hardware, hpd_work and hpd_lock are\nleft uninitialized which causes BUG when attempting to schedule hpd_work\non runtime PM resume.\n\nFix it by adding headless flag to DRM and skip any hpd if it\u0027s set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40926",
"url": "https://www.suse.com/security/cve/CVE-2024-40926"
},
{
"category": "external",
"summary": "SUSE Bug 1227791 for CVE-2024-40926",
"url": "https://bugzilla.suse.com/1227791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40926"
},
{
"cve": "CVE-2024-40927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Handle TD clearing for multiple streams case\n\nWhen multiple streams are in use, multiple TDs might be in flight when\nan endpoint is stopped. We need to issue a Set TR Dequeue Pointer for\neach, to ensure everything is reset properly and the caches cleared.\nChange the logic so that any N\u003e1 TDs found active for different streams\nare deferred until after the first one is processed, calling\nxhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to\nqueue another command until we are done with all of them. Also change\nthe error/\"should never happen\" paths to ensure we at least clear any\naffected TDs, even if we can\u0027t issue a command to clear the hardware\ncache, and complain loudly with an xhci_warn() if this ever happens.\n\nThis problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct\nassumptions about number of rings per endpoint.\") early on in the XHCI\ndriver\u0027s life, when stream support was first added.\nIt was then identified but not fixed nor made into a warning in commit\n674f8438c121 (\"xhci: split handling halted endpoints into two steps\"),\nwhich added a FIXME comment for the problem case (without materially\nchanging the behavior as far as I can tell, though the new logic made\nthe problem more obvious).\n\nThen later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some\ncached cancelled URBs.\"), it was acknowledged again.\n\n[Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached\ncancelled URBs.\") was a targeted regression fix to the previously mentioned\npatch. Users reported issues with usb stuck after unmounting/disconnecting\nUAS devices. This rolled back the TD clearing of multiple streams to its\noriginal state.]\n\nApparently the commit author was aware of the problem (yet still chose\nto submit it): It was still mentioned as a FIXME, an xhci_dbg() was\nadded to log the problem condition, and the remaining issue was mentioned\nin the commit description. The choice of making the log type xhci_dbg()\nfor what is, at this point, a completely unhandled and known broken\ncondition is puzzling and unfortunate, as it guarantees that no actual\nusers would see the log in production, thereby making it nigh\nundebuggable (indeed, even if you turn on DEBUG, the message doesn\u0027t\nreally hint at there being a problem at all).\n\nIt took me *months* of random xHC crashes to finally find a reliable\nrepro and be able to do a deep dive debug session, which could all have\nbeen avoided had this unhandled, broken condition been actually reported\nwith a warning, as it should have been as a bug intentionally left in\nunfixed (never mind that it shouldn\u0027t have been left in at all).\n\n\u003e Another fix to solve clearing the caches of all stream rings with\n\u003e cancelled TDs is needed, but not as urgent.\n\n3 years after that statement and 14 years after the original bug was\nintroduced, I think it\u0027s finally time to fix it. And maybe next time\nlet\u0027s not leave bugs unfixed (that are actually worse than the original\nbug), and let\u0027s actually get people to review kernel commits please.\n\nFixes xHC crashes and IOMMU faults with UAS devices when handling\nerrors/faults. Easiest repro is to use `hdparm` to mark an early sector\n(e.g. 1024) on a disk as bad, then `cat /dev/sdX \u003e /dev/null` in a loop.\nAt least in the case of JMicron controllers, the read errors end up\nhaving to cancel two TDs (for two queued requests to different streams)\nand the one that didn\u0027t get cleared properly ends up faulting the xHC\nentirely when it tries to access DMA pages that have since been unmapped,\nreferred to by the stale TDs. This normally happens quickly (after two\nor three loops). After this fix, I left the `cat` in a loop running\novernight and experienced no xHC failures, with all read errors\nrecovered properly. Repro\u0027d and tested on an Apple M1 Mac Mini\n(dwc3 host).\n\nOn systems without an IOMMU, this bug would instead silently corrupt\nfreed memory, making this a\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40927",
"url": "https://www.suse.com/security/cve/CVE-2024-40927"
},
{
"category": "external",
"summary": "SUSE Bug 1227816 for CVE-2024-40927",
"url": "https://bugzilla.suse.com/1227816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40927"
},
{
"cve": "CVE-2024-40929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40929",
"url": "https://www.suse.com/security/cve/CVE-2024-40929"
},
{
"category": "external",
"summary": "SUSE Bug 1227774 for CVE-2024-40929",
"url": "https://bugzilla.suse.com/1227774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40929"
},
{
"cve": "CVE-2024-40930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: validate HE operation element parsing\n\nValidate that the HE operation element has the correct\nlength before parsing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40930",
"url": "https://www.suse.com/security/cve/CVE-2024-40930"
},
{
"category": "external",
"summary": "SUSE Bug 1228236 for CVE-2024-40930",
"url": "https://bugzilla.suse.com/1228236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40930"
},
{
"cve": "CVE-2024-40932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40932"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40932",
"url": "https://www.suse.com/security/cve/CVE-2024-40932"
},
{
"category": "external",
"summary": "SUSE Bug 1227828 for CVE-2024-40932",
"url": "https://bugzilla.suse.com/1227828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40932"
},
{
"cve": "CVE-2024-40934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()\n\nFix a memory leak on logi_dj_recv_send_report() error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40934",
"url": "https://www.suse.com/security/cve/CVE-2024-40934"
},
{
"category": "external",
"summary": "SUSE Bug 1227796 for CVE-2024-40934",
"url": "https://bugzilla.suse.com/1227796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40934"
},
{
"cve": "CVE-2024-40936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix memregion leaks in devm_cxl_add_region()\n\nMove the mode verification to __create_region() before allocating the\nmemregion to avoid the memregion leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40936",
"url": "https://www.suse.com/security/cve/CVE-2024-40936"
},
{
"category": "external",
"summary": "SUSE Bug 1227833 for CVE-2024-40936",
"url": "https://bugzilla.suse.com/1227833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40936"
},
{
"cve": "CVE-2024-40938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix d_parent walk\n\nThe WARN_ON_ONCE() in collect_domain_accesses() can be triggered when\ntrying to link a root mount point. This cannot work in practice because\nthis directory is mounted, but the VFS check is done after the call to\nsecurity_path_link().\n\nDo not use source directory\u0027s d_parent when the source directory is the\nmount point.\n\n[mic: Fix commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40938",
"url": "https://www.suse.com/security/cve/CVE-2024-40938"
},
{
"category": "external",
"summary": "SUSE Bug 1227840 for CVE-2024-40938",
"url": "https://bugzilla.suse.com/1227840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40938"
},
{
"cve": "CVE-2024-40939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40939"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40939",
"url": "https://www.suse.com/security/cve/CVE-2024-40939"
},
{
"category": "external",
"summary": "SUSE Bug 1227799 for CVE-2024-40939",
"url": "https://bugzilla.suse.com/1227799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40939"
},
{
"cve": "CVE-2024-40941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won\u0027t see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40941",
"url": "https://www.suse.com/security/cve/CVE-2024-40941"
},
{
"category": "external",
"summary": "SUSE Bug 1227771 for CVE-2024-40941",
"url": "https://bugzilla.suse.com/1227771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40942"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....\u003e...........\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6\u0027.......Xy.....\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40942",
"url": "https://www.suse.com/security/cve/CVE-2024-40942"
},
{
"category": "external",
"summary": "SUSE Bug 1227770 for CVE-2024-40942",
"url": "https://bugzilla.suse.com/1227770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40943",
"url": "https://www.suse.com/security/cve/CVE-2024-40943"
},
{
"category": "external",
"summary": "SUSE Bug 1227849 for CVE-2024-40943",
"url": "https://bugzilla.suse.com/1227849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40943"
},
{
"cve": "CVE-2024-40944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40944"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: Fix bug with call depth tracking\n\nThe call to cc_platform_has() triggers a fault and system crash if call depth\ntracking is active because the GS segment has been reset by load_segments() and\nGS_BASE is now 0 but call depth tracking uses per-CPU variables to operate.\n\nCall cc_platform_has() earlier in the function when GS is still valid.\n\n [ bp: Massage. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40944",
"url": "https://www.suse.com/security/cve/CVE-2024-40944"
},
{
"category": "external",
"summary": "SUSE Bug 1227883 for CVE-2024-40944",
"url": "https://bugzilla.suse.com/1227883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40944"
},
{
"cve": "CVE-2024-40945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40945",
"url": "https://www.suse.com/security/cve/CVE-2024-40945"
},
{
"category": "external",
"summary": "SUSE Bug 1227802 for CVE-2024-40945",
"url": "https://bugzilla.suse.com/1227802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40945"
},
{
"cve": "CVE-2024-40954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40954"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40954",
"url": "https://www.suse.com/security/cve/CVE-2024-40954"
},
{
"category": "external",
"summary": "SUSE Bug 1227808 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1227808"
},
{
"category": "external",
"summary": "SUSE Bug 1228786 for CVE-2024-40954",
"url": "https://bugzilla.suse.com/1228786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40954"
},
{
"cve": "CVE-2024-40956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40956",
"url": "https://www.suse.com/security/cve/CVE-2024-40956"
},
{
"category": "external",
"summary": "SUSE Bug 1227810 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1227810"
},
{
"category": "external",
"summary": "SUSE Bug 1228585 for CVE-2024-40956",
"url": "https://bugzilla.suse.com/1228585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40956"
},
{
"cve": "CVE-2024-40957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors\n\ninput_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for\nPREROUTING hook, in PREROUTING hook, we should passing a valid indev,\nand a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer\ndereference, as below:\n\n [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090\n [74830.655633] #PF: supervisor read access in kernel mode\n [74830.657888] #PF: error_code(0x0000) - not-present page\n [74830.659500] PGD 0 P4D 0\n [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI\n ...\n [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n ...\n [74830.689725] Call Trace:\n [74830.690402] \u003cIRQ\u003e\n [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df\n [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables]\n [74830.694275] ? __die_body.cold+0x8/0xd\n [74830.695205] ? page_fault_oops+0xac/0x140\n [74830.696244] ? exc_page_fault+0x62/0x150\n [74830.697225] ? asm_exc_page_fault+0x22/0x30\n [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n [74830.699540] ipt_do_table+0x286/0x710 [ip_tables]\n [74830.700758] ? ip6_route_input+0x19d/0x240\n [74830.701752] nf_hook_slow+0x3f/0xb0\n [74830.702678] input_action_end_dx4+0x19b/0x1e0\n [74830.703735] ? input_action_end_t+0xe0/0xe0\n [74830.704734] seg6_local_input_core+0x2d/0x60\n [74830.705782] lwtunnel_input+0x5b/0xb0\n [74830.706690] __netif_receive_skb_one_core+0x63/0xa0\n [74830.707825] process_backlog+0x99/0x140\n [74830.709538] __napi_poll+0x2c/0x160\n [74830.710673] net_rx_action+0x296/0x350\n [74830.711860] __do_softirq+0xcb/0x2ac\n [74830.713049] do_softirq+0x63/0x90\n\ninput_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally\ntrigger a NULL dereference in rpfilter_mt()-\u003erpfilter_is_loopback():\n\n static bool\n rpfilter_is_loopback(const struct sk_buff *skb,\n \t const struct net_device *in)\n {\n // in is NULL\n return skb-\u003epkt_type == PACKET_LOOPBACK ||\n \t in-\u003eflags \u0026 IFF_LOOPBACK;\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40957",
"url": "https://www.suse.com/security/cve/CVE-2024-40957"
},
{
"category": "external",
"summary": "SUSE Bug 1227811 for CVE-2024-40957",
"url": "https://bugzilla.suse.com/1227811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40957"
},
{
"cve": "CVE-2024-40958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetns: Make get_net_ns() handle zero refcount net\n\nSyzkaller hit a warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\nModules linked in:\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\nFS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0xa3/0xc0\n ? __warn+0xa5/0x1c0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? report_bug+0x1fc/0x2d0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? handle_bug+0xa1/0x110\n ? exc_invalid_op+0x3c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? __warn_printk+0xcc/0x140\n ? __warn_printk+0xd5/0x140\n ? refcount_warn_saturate+0xdf/0x1d0\n get_net_ns+0xa4/0xc0\n ? __pfx_get_net_ns+0x10/0x10\n open_related_ns+0x5a/0x130\n __tun_chr_ioctl+0x1616/0x2370\n ? __sanitizer_cov_trace_switch+0x58/0xa0\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\n ? __pfx_tun_chr_ioctl+0x10/0x10\n tun_chr_ioctl+0x2f/0x40\n __x64_sys_ioctl+0x11b/0x160\n x64_sys_call+0x1211/0x20d0\n do_syscall_64+0x9e/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5b28f165d7\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nThis is trigger as below:\n ns0 ns1\ntun_set_iff() //dev is tun0\n tun-\u003edev = dev\n//ip link set tun0 netns ns1\n put_net() //ref is 0\n__tun_chr_ioctl() //TUNGETDEVNETNS\n net = dev_net(tun-\u003edev);\n open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\n get_net_ns()\n get_net() //addition on 0\n\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40958",
"url": "https://www.suse.com/security/cve/CVE-2024-40958"
},
{
"category": "external",
"summary": "SUSE Bug 1227812 for CVE-2024-40958",
"url": "https://bugzilla.suse.com/1227812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-40959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40959"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()\n\nip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: wg-kex-wg1 wg_packet_handshake_send_worker\n RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64\nCode: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00\nRSP: 0018:ffffc90000117378 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7\nRDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98\nRBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000\nR10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline]\n xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline]\n xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541\n xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835\n xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline]\n xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201\n xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline]\n xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309\n ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256\n send6+0x611/0xd20 drivers/net/wireguard/socket.c:139\n wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178\n wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200\n wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40\n wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40959",
"url": "https://www.suse.com/security/cve/CVE-2024-40959"
},
{
"category": "external",
"summary": "SUSE Bug 1227884 for CVE-2024-40959",
"url": "https://bugzilla.suse.com/1227884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: allocate dummy checksums for zoned NODATASUM writes\n\nShin\u0027ichiro reported that when he\u0027s running fstests\u0027 test-case\nbtrfs/167 on emulated zoned devices, he\u0027s seeing the following NULL\npointer dereference in \u0027btrfs_zone_finish_endio()\u0027:\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 4 PID: 2332440 Comm: kworker/u80:15 Tainted: G W 6.10.0-rc2-kts+ #4\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n RIP: 0010:btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n\n RSP: 0018:ffff88867f107a90 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff893e5534\n RDX: 0000000000000011 RSI: 0000000000000004 RDI: 0000000000000088\n RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed1081696028\n R10: ffff88840b4b0143 R11: ffff88834dfff600 R12: ffff88840b4b0000\n R13: 0000000000020000 R14: 0000000000000000 R15: ffff888530ad5210\n FS: 0000000000000000(0000) GS:ffff888e3f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f87223fff38 CR3: 00000007a7c6a002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die_addr+0x46/0x70\n ? exc_general_protection+0x14f/0x250\n ? asm_exc_general_protection+0x26/0x30\n ? do_raw_read_unlock+0x44/0x70\n ? btrfs_zone_finish_endio.part.0+0x34/0x160 [btrfs]\n btrfs_finish_one_ordered+0x5d9/0x19a0 [btrfs]\n ? __pfx_lock_release+0x10/0x10\n ? do_raw_write_lock+0x90/0x260\n ? __pfx_do_raw_write_lock+0x10/0x10\n ? __pfx_btrfs_finish_one_ordered+0x10/0x10 [btrfs]\n ? _raw_write_unlock+0x23/0x40\n ? btrfs_finish_ordered_zoned+0x5a9/0x850 [btrfs]\n ? lock_acquire+0x435/0x500\n btrfs_work_helper+0x1b1/0xa70 [btrfs]\n ? __schedule+0x10a8/0x60b0\n ? __pfx___might_resched+0x10/0x10\n process_one_work+0x862/0x1410\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5e6/0x1010\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2c3/0x3a0\n ? trace_irq_enable.constprop.0+0xce/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nEnabling CONFIG_BTRFS_ASSERT revealed the following assertion to\ntrigger:\n\n assertion failed: !list_empty(\u0026ordered-\u003elist), in fs/btrfs/zoned.c:1815\n\nThis indicates, that we\u0027re missing the checksums list on the\nordered_extent. As btrfs/167 is doing a NOCOW write this is to be\nexpected.\n\nFurther analysis with drgn confirmed the assumption:\n\n \u003e\u003e\u003e inode = prog.crashed_thread().stack_trace()[11][\u0027ordered\u0027].inode\n \u003e\u003e\u003e btrfs_inode = drgn.container_of(inode, \"struct btrfs_inode\", \\\n \t\t\t\t\"vfs_inode\")\n \u003e\u003e\u003e print(btrfs_inode.flags)\n (u32)1\n\nAs zoned emulation mode simulates conventional zones on regular devices,\nwe cannot use zone-append for writing. But we\u0027re only attaching dummy\nchecksums if we\u0027re doing a zone-append write.\n\nSo for NOCOW zoned data writes on conventional zones, also attach a\ndummy checksum.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40962",
"url": "https://www.suse.com/security/cve/CVE-2024-40962"
},
{
"category": "external",
"summary": "SUSE Bug 1227815 for CVE-2024-40962",
"url": "https://bugzilla.suse.com/1227815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40962"
},
{
"cve": "CVE-2024-40964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()\n\nThe cs35l41_hda_unbind() function clears the hda_component entry\nmatching it\u0027s index and then dereferences the codec pointer held in the\nfirst element of the hda_component array, this is an issue when the\ndevice index was 0.\n\nInstead use the codec pointer stashed in the cs35l41_hda structure as it\nwill still be valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40964",
"url": "https://www.suse.com/security/cve/CVE-2024-40964"
},
{
"category": "external",
"summary": "SUSE Bug 1227818 for CVE-2024-40964",
"url": "https://bugzilla.suse.com/1227818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40964"
},
{
"cve": "CVE-2024-40967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40967",
"url": "https://www.suse.com/security/cve/CVE-2024-40967"
},
{
"category": "external",
"summary": "SUSE Bug 1227891 for CVE-2024-40967",
"url": "https://bugzilla.suse.com/1227891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40967"
},
{
"cve": "CVE-2024-40976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: mask irqs in timeout path before hard reset\n\nThere is a race condition in which a rendering job might take just long\nenough to trigger the drm sched job timeout handler but also still\ncomplete before the hard reset is done by the timeout handler.\nThis runs into race conditions not expected by the timeout handler.\nIn some very specific cases it currently may result in a refcount\nimbalance on lima_pm_idle, with a stack dump such as:\n\n[10136.669170] WARNING: CPU: 0 PID: 0 at drivers/gpu/drm/lima/lima_devfreq.c:205 lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669459] pc : lima_devfreq_record_idle+0xa0/0xb0\n...\n[10136.669628] Call trace:\n[10136.669634] lima_devfreq_record_idle+0xa0/0xb0\n[10136.669646] lima_sched_pipe_task_done+0x5c/0xb0\n[10136.669656] lima_gp_irq_handler+0xa8/0x120\n[10136.669666] __handle_irq_event_percpu+0x48/0x160\n[10136.669679] handle_irq_event+0x4c/0xc0\n\nWe can prevent that race condition entirely by masking the irqs at the\nbeginning of the timeout handler, at which point we give up on waiting\nfor that job entirely.\nThe irqs will be enabled again at the next hard reset which is already\ndone as a recovery by the timeout handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40976",
"url": "https://www.suse.com/security/cve/CVE-2024-40976"
},
{
"category": "external",
"summary": "SUSE Bug 1227893 for CVE-2024-40976",
"url": "https://bugzilla.suse.com/1227893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40976"
},
{
"cve": "CVE-2024-40977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40977"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40977",
"url": "https://www.suse.com/security/cve/CVE-2024-40977"
},
{
"category": "external",
"summary": "SUSE Bug 1227950 for CVE-2024-40977",
"url": "https://bugzilla.suse.com/1227950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40977"
},
{
"cve": "CVE-2024-40978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40978",
"url": "https://www.suse.com/security/cve/CVE-2024-40978"
},
{
"category": "external",
"summary": "SUSE Bug 1227929 for CVE-2024-40978",
"url": "https://bugzilla.suse.com/1227929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last enabled at (6182793): [\u003cffff8000801dae10\u003e] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (6182792): [\u003cffff80008aab71c4\u003e] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last enabled at (6182792): [\u003cffff80008aab71c4\u003e] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40981",
"url": "https://www.suse.com/security/cve/CVE-2024-40981"
},
{
"category": "external",
"summary": "SUSE Bug 1227864 for CVE-2024-40981",
"url": "https://bugzilla.suse.com/1227864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-40981"
},
{
"cve": "CVE-2024-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40982"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40982",
"url": "https://www.suse.com/security/cve/CVE-2024-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1227865 for CVE-2024-40982",
"url": "https://bugzilla.suse.com/1227865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40982"
},
{
"cve": "CVE-2024-40984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary\u0027s end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary\u0027s\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40984",
"url": "https://www.suse.com/security/cve/CVE-2024-40984"
},
{
"category": "external",
"summary": "SUSE Bug 1227820 for CVE-2024-40984",
"url": "https://bugzilla.suse.com/1227820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40984"
},
{
"cve": "CVE-2024-40987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40987",
"url": "https://www.suse.com/security/cve/CVE-2024-40987"
},
{
"category": "external",
"summary": "SUSE Bug 1228235 for CVE-2024-40987",
"url": "https://bugzilla.suse.com/1228235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40987"
},
{
"cve": "CVE-2024-40988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix UBSAN warning in kv_dpm.c\n\nAdds bounds check for sumo_vid_mapping_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40988",
"url": "https://www.suse.com/security/cve/CVE-2024-40988"
},
{
"category": "external",
"summary": "SUSE Bug 1227957 for CVE-2024-40988",
"url": "https://bugzilla.suse.com/1227957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40988"
},
{
"cve": "CVE-2024-40989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don\u0027t have\nany dangling pointer to that region stored in a vcpu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40989",
"url": "https://www.suse.com/security/cve/CVE-2024-40989"
},
{
"category": "external",
"summary": "SUSE Bug 1227823 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1227823"
},
{
"category": "external",
"summary": "SUSE Bug 1228589 for CVE-2024-40989",
"url": "https://bugzilla.suse.com/1228589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40989"
},
{
"cve": "CVE-2024-40990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Add check for srq max_sge attribute\n\nmax_sge attribute is passed by the user, and is inserted and used\nunchecked, so verify that the value doesn\u0027t exceed maximum allowed value\nbefore using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40990",
"url": "https://www.suse.com/security/cve/CVE-2024-40990"
},
{
"category": "external",
"summary": "SUSE Bug 1227824 for CVE-2024-40990",
"url": "https://bugzilla.suse.com/1227824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40990"
},
{
"cve": "CVE-2024-40992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix responder length checking for UD request packets\n\nAccording to the IBA specification:\nIf a UD request packet is detected with an invalid length, the request\nshall be an invalid request and it shall be silently dropped by\nthe responder. The responder then waits for a new request packet.\n\ncommit 689c5421bfe0 (\"RDMA/rxe: Fix incorrect responder length checking\")\ndefers responder length check for UD QPs in function `copy_data`.\nBut it introduces a regression issue for UD QPs.\n\nWhen the packet size is too large to fit in the receive buffer.\n`copy_data` will return error code -EINVAL. Then `send_data_in`\nwill return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into\nERROR state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40992",
"url": "https://www.suse.com/security/cve/CVE-2024-40992"
},
{
"category": "external",
"summary": "SUSE Bug 1227826 for CVE-2024-40992",
"url": "https://bugzilla.suse.com/1227826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40992"
},
{
"cve": "CVE-2024-40994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40994",
"url": "https://www.suse.com/security/cve/CVE-2024-40994"
},
{
"category": "external",
"summary": "SUSE Bug 1227829 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1227829"
},
{
"category": "external",
"summary": "SUSE Bug 1228587 for CVE-2024-40994",
"url": "https://bugzilla.suse.com/1228587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-40994"
},
{
"cve": "CVE-2024-40995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()\n\nsyzbot found hanging tasks waiting on rtnl_lock [1]\n\nA reproducer is available in the syzbot bug.\n\nWhen a request to add multiple actions with the same index is sent, the\nsecond request will block forever on the first request. This holds\nrtnl_lock, and causes tasks to hang.\n\nReturn -EAGAIN to prevent infinite looping, while keeping documented\nbehavior.\n\n[1]\n\nINFO: task kworker/1:0:5088 blocked for more than 143 seconds.\nNot tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000\nWorkqueue: events_power_efficient reg_check_chans_work\nCall Trace:\n\u003cTASK\u003e\ncontext_switch kernel/sched/core.c:5409 [inline]\n__schedule+0xf15/0x5d00 kernel/sched/core.c:6746\n__schedule_loop kernel/sched/core.c:6823 [inline]\nschedule+0xe7/0x350 kernel/sched/core.c:6838\nschedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895\n__mutex_lock_common kernel/locking/mutex.c:684 [inline]\n__mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752\nwiphy_lock include/net/cfg80211.h:5953 [inline]\nreg_leave_invalid_chans net/wireless/reg.c:2466 [inline]\nreg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40995",
"url": "https://www.suse.com/security/cve/CVE-2024-40995"
},
{
"category": "external",
"summary": "SUSE Bug 1227830 for CVE-2024-40995",
"url": "https://bugzilla.suse.com/1227830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-40997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix memory leak on CPU EPP exit\n\nThe cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is\nnot freed in the analogous exit function, so fix that.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40997",
"url": "https://www.suse.com/security/cve/CVE-2024-40997"
},
{
"category": "external",
"summary": "SUSE Bug 1227853 for CVE-2024-40997",
"url": "https://bugzilla.suse.com/1227853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-40997"
},
{
"cve": "CVE-2024-41000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[ 62.982337] ------------[ cut here ]------------\n[ 62.985692] cgroup: Invalid name\n[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[ 62.999369] random: crng reseeded on system resumption\n[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 63.000682] Call Trace:\n[ 63.000686] \u003cTASK\u003e\n[ 63.000731] dump_stack_lvl+0x93/0xd0\n[ 63.000919] __get_user_pages+0x903/0xd30\n[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0\n[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50\n[ 63.001072] ? try_get_folio+0x29c/0x2d0\n[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530\n[ 63.001109] iov_iter_extract_pages+0x23b/0x580\n[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220\n[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410\n[ 63.001297] __iomap_dio_rw+0xab4/0x1810\n[ 63.001316] iomap_dio_rw+0x45/0xa0\n[ 63.001328] ext4_file_write_iter+0xdde/0x1390\n[ 63.001372] vfs_write+0x599/0xbd0\n[ 63.001394] ksys_write+0xc8/0x190\n[ 63.001403] do_syscall_64+0xd4/0x1b0\n[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[ 63.001535] RIP: 0033:0x7f7fd3ebf539\n[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[ 63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41000",
"url": "https://www.suse.com/security/cve/CVE-2024-41000"
},
{
"category": "external",
"summary": "SUSE Bug 1227867 for CVE-2024-41000",
"url": "https://bugzilla.suse.com/1227867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there\u0027s a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 2e481b1a):\n[\u003c00000000c0a26af4\u003e] kmemleak_alloc+0x30/0x38\n[\u003c000000009c30bb45\u003e] kmalloc_trace+0x228/0x358\n[\u003c000000009da9d39f\u003e] __audit_sockaddr+0xd0/0x138\n[\u003c0000000089a93e34\u003e] move_addr_to_kernel+0x1a0/0x1f8\n[\u003c000000000b4e80e6\u003e] io_connect_prep+0x1ec/0x2d4\n[\u003c00000000abfbcd99\u003e] io_submit_sqes+0x588/0x1e48\n[\u003c00000000e7c25e07\u003e] io_sq_thread+0x8a4/0x10e4\n[\u003c00000000d999b491\u003e] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n audit call.\n2) The thread hasn\u0027t done any operations before this that triggered\n an audit call inside -\u003eissue(), where we have audit_uring_entry()\n and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41001",
"url": "https://www.suse.com/security/cve/CVE-2024-41001"
},
{
"category": "external",
"summary": "SUSE Bug 1227869 for CVE-2024-41001",
"url": "https://bugzilla.suse.com/1227869"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41001"
},
{
"cve": "CVE-2024-41002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - Fix memory leak for sec resource release\n\nThe AIV is one of the SEC resources. When releasing resources,\nit need to release the AIV resources at the same time.\nOtherwise, memory leakage occurs.\n\nThe aiv resource release is added to the sec resource release\nfunction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41002",
"url": "https://www.suse.com/security/cve/CVE-2024-41002"
},
{
"category": "external",
"summary": "SUSE Bug 1227870 for CVE-2024-41002",
"url": "https://bugzilla.suse.com/1227870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41002"
},
{
"cve": "CVE-2024-41004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Build event generation tests only as modules\n\nThe kprobes and synth event generation test modules add events and lock\n(get a reference) those event file reference in module init function,\nand unlock and delete it in module exit function. This is because those\nare designed for playing as modules.\n\nIf we make those modules as built-in, those events are left locked in the\nkernel, and never be removed. This causes kprobe event self-test failure\nas below.\n\n[ 97.349708] ------------[ cut here ]------------\n[ 97.353453] WARNING: CPU: 3 PID: 1 at kernel/trace/trace_kprobe.c:2133 kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.357106] Modules linked in:\n[ 97.358488] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 6.9.0-g699646734ab5-dirty #14\n[ 97.361556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 97.363880] RIP: 0010:kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.365538] Code: a8 24 08 82 e9 ae fd ff ff 90 0f 0b 90 48 c7 c7 e5 aa 0b 82 e9 ee fc ff ff 90 0f 0b 90 48 c7 c7 2d 61 06 82 e9 8e fd ff ff 90 \u003c0f\u003e 0b 90 48 c7 c7 33 0b 0c 82 89 c6 e8 6e 03 1f ff 41 ff c7 e9 90\n[ 97.370429] RSP: 0000:ffffc90000013b50 EFLAGS: 00010286\n[ 97.371852] RAX: 00000000fffffff0 RBX: ffff888005919c00 RCX: 0000000000000000\n[ 97.373829] RDX: ffff888003f40000 RSI: ffffffff8236a598 RDI: ffff888003f40a68\n[ 97.375715] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n[ 97.377675] R10: ffffffff811c9ae5 R11: ffffffff8120c4e0 R12: 0000000000000000\n[ 97.379591] R13: 0000000000000001 R14: 0000000000000015 R15: 0000000000000000\n[ 97.381536] FS: 0000000000000000(0000) GS:ffff88807dcc0000(0000) knlGS:0000000000000000\n[ 97.383813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 97.385449] CR2: 0000000000000000 CR3: 0000000002244000 CR4: 00000000000006b0\n[ 97.387347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 97.389277] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 97.391196] Call Trace:\n[ 97.391967] \u003cTASK\u003e\n[ 97.392647] ? __warn+0xcc/0x180\n[ 97.393640] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.395181] ? report_bug+0xbd/0x150\n[ 97.396234] ? handle_bug+0x3e/0x60\n[ 97.397311] ? exc_invalid_op+0x1a/0x50\n[ 97.398434] ? asm_exc_invalid_op+0x1a/0x20\n[ 97.399652] ? trace_kprobe_is_busy+0x20/0x20\n[ 97.400904] ? tracing_reset_all_online_cpus+0x15/0x90\n[ 97.402304] ? kprobe_trace_self_tests_init+0x3f1/0x480\n[ 97.403773] ? init_kprobe_trace+0x50/0x50\n[ 97.404972] do_one_initcall+0x112/0x240\n[ 97.406113] do_initcall_level+0x95/0xb0\n[ 97.407286] ? kernel_init+0x1a/0x1a0\n[ 97.408401] do_initcalls+0x3f/0x70\n[ 97.409452] kernel_init_freeable+0x16f/0x1e0\n[ 97.410662] ? rest_init+0x1f0/0x1f0\n[ 97.411738] kernel_init+0x1a/0x1a0\n[ 97.412788] ret_from_fork+0x39/0x50\n[ 97.413817] ? rest_init+0x1f0/0x1f0\n[ 97.414844] ret_from_fork_asm+0x11/0x20\n[ 97.416285] \u003c/TASK\u003e\n[ 97.417134] irq event stamp: 13437323\n[ 97.418376] hardirqs last enabled at (13437337): [\u003cffffffff8110bc0c\u003e] console_unlock+0x11c/0x150\n[ 97.421285] hardirqs last disabled at (13437370): [\u003cffffffff8110bbf1\u003e] console_unlock+0x101/0x150\n[ 97.423838] softirqs last enabled at (13437366): [\u003cffffffff8108e17f\u003e] handle_softirqs+0x23f/0x2a0\n[ 97.426450] softirqs last disabled at (13437393): [\u003cffffffff8108e346\u003e] __irq_exit_rcu+0x66/0xd0\n[ 97.428850] ---[ end trace 0000000000000000 ]---\n\nAnd also, since we can not cleanup dynamic_event file, ftracetest are\nfailed too.\n\nTo avoid these issues, build these tests only as modules.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41004",
"url": "https://www.suse.com/security/cve/CVE-2024-41004"
},
{
"category": "external",
"summary": "SUSE Bug 1227851 for CVE-2024-41004",
"url": "https://bugzilla.suse.com/1227851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41004"
},
{
"cve": "CVE-2024-41007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has \u0027expired\u0027.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41007",
"url": "https://www.suse.com/security/cve/CVE-2024-41007"
},
{
"category": "external",
"summary": "SUSE Bug 1227863 for CVE-2024-41007",
"url": "https://bugzilla.suse.com/1227863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-41007"
},
{
"cve": "CVE-2024-41009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41009",
"url": "https://www.suse.com/security/cve/CVE-2024-41009"
},
{
"category": "external",
"summary": "SUSE Bug 1228020 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1228020"
},
{
"category": "external",
"summary": "SUSE Bug 1245988 for CVE-2024-41009",
"url": "https://bugzilla.suse.com/1245988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41009"
},
{
"cve": "CVE-2024-41010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix too early release of tcx_entry\n\nPedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported\nan issue that the tcx_entry can be released too early leading to a use\nafter free (UAF) when an active old-style ingress or clsact qdisc with a\nshared tc block is later replaced by another ingress or clsact instance.\n\nEssentially, the sequence to trigger the UAF (one example) can be as follows:\n\n 1. A network namespace is created\n 2. An ingress qdisc is created. This allocates a tcx_entry, and\n \u0026tcx_entry-\u003eminiq is stored in the qdisc\u0027s miniqp-\u003ep_miniq. At the\n same time, a tcf block with index 1 is created.\n 3. chain0 is attached to the tcf block. chain0 must be connected to\n the block linked to the ingress qdisc to later reach the function\n tcf_chain0_head_change_cb_del() which triggers the UAF.\n 4. Create and graft a clsact qdisc. This causes the ingress qdisc\n created in step 1 to be removed, thus freeing the previously linked\n tcx_entry:\n\n rtnetlink_rcv_msg()\n =\u003e tc_modify_qdisc()\n =\u003e qdisc_create()\n =\u003e clsact_init() [a]\n =\u003e qdisc_graft()\n =\u003e qdisc_destroy()\n =\u003e __qdisc_destroy()\n =\u003e ingress_destroy() [b]\n =\u003e tcx_entry_free()\n =\u003e kfree_rcu() // tcx_entry freed\n\n 5. Finally, the network namespace is closed. This registers the\n cleanup_net worker, and during the process of releasing the\n remaining clsact qdisc, it accesses the tcx_entry that was\n already freed in step 4, causing the UAF to occur:\n\n cleanup_net()\n =\u003e ops_exit_list()\n =\u003e default_device_exit_batch()\n =\u003e unregister_netdevice_many()\n =\u003e unregister_netdevice_many_notify()\n =\u003e dev_shutdown()\n =\u003e qdisc_put()\n =\u003e clsact_destroy() [c]\n =\u003e tcf_block_put_ext()\n =\u003e tcf_chain0_head_change_cb_del()\n =\u003e tcf_chain_head_change_item()\n =\u003e clsact_chain_head_change()\n =\u003e mini_qdisc_pair_swap() // UAF\n\nThere are also other variants, the gist is to add an ingress (or clsact)\nqdisc with a specific shared block, then to replace that qdisc, waiting\nfor the tcx_entry kfree_rcu() to be executed and subsequently accessing\nthe current active qdisc\u0027s miniq one way or another.\n\nThe correct fix is to turn the miniq_active boolean into a counter. What\ncan be observed, at step 2 above, the counter transitions from 0-\u003e1, at\nstep [a] from 1-\u003e2 (in order for the miniq object to remain active during\nthe replacement), then in [b] from 2-\u003e1 and finally [c] 1-\u003e0 with the\neventual release. The reference counter in general ranges from [0,2] and\nit does not need to be atomic since all access to the counter is protected\nby the rtnl mutex. With this in place, there is no longer a UAF happening\nand the tcx_entry is freed at the correct time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41010",
"url": "https://www.suse.com/security/cve/CVE-2024-41010"
},
{
"category": "external",
"summary": "SUSE Bug 1228021 for CVE-2024-41010",
"url": "https://bugzilla.suse.com/1228021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41010"
},
{
"cve": "CVE-2024-41012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can\u0027t corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41012",
"url": "https://www.suse.com/security/cve/CVE-2024-41012"
},
{
"category": "external",
"summary": "SUSE Bug 1228247 for CVE-2024-41012",
"url": "https://bugzilla.suse.com/1228247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41012"
},
{
"cve": "CVE-2024-41015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: add bounds checking to ocfs2_check_dir_entry()\n\nThis adds sanity checks for ocfs2_dir_entry to make sure all members of\nocfs2_dir_entry don\u0027t stray beyond valid memory region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41015",
"url": "https://www.suse.com/security/cve/CVE-2024-41015"
},
{
"category": "external",
"summary": "SUSE Bug 1228409 for CVE-2024-41015",
"url": "https://bugzilla.suse.com/1228409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41015"
},
{
"cve": "CVE-2024-41016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space\nrequested. It\u0027s better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41016",
"url": "https://www.suse.com/security/cve/CVE-2024-41016"
},
{
"category": "external",
"summary": "SUSE Bug 1228410 for CVE-2024-41016",
"url": "https://bugzilla.suse.com/1228410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41020",
"url": "https://www.suse.com/security/cve/CVE-2024-41020"
},
{
"category": "external",
"summary": "SUSE Bug 1228427 for CVE-2024-41020",
"url": "https://bugzilla.suse.com/1228427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41020"
},
{
"cve": "CVE-2024-41022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41022"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41022",
"url": "https://www.suse.com/security/cve/CVE-2024-41022"
},
{
"category": "external",
"summary": "SUSE Bug 1228429 for CVE-2024-41022",
"url": "https://bugzilla.suse.com/1228429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41022"
},
{
"cve": "CVE-2024-41024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41024"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41024",
"url": "https://www.suse.com/security/cve/CVE-2024-41024"
},
{
"category": "external",
"summary": "SUSE Bug 1228525 for CVE-2024-41024",
"url": "https://bugzilla.suse.com/1228525"
},
{
"category": "external",
"summary": "SUSE Bug 1229274 for CVE-2024-41024",
"url": "https://bugzilla.suse.com/1229274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41024"
},
{
"cve": "CVE-2024-41025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41025",
"url": "https://www.suse.com/security/cve/CVE-2024-41025"
},
{
"category": "external",
"summary": "SUSE Bug 1228527 for CVE-2024-41025",
"url": "https://bugzilla.suse.com/1228527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41025"
},
{
"cve": "CVE-2024-41028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41028",
"url": "https://www.suse.com/security/cve/CVE-2024-41028"
},
{
"category": "external",
"summary": "SUSE Bug 1228539 for CVE-2024-41028",
"url": "https://bugzilla.suse.com/1228539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41028"
},
{
"cve": "CVE-2024-41032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmalloc: check if a hash-index is in cpu_possible_mask\n\nThe problem is that there are systems where cpu_possible_mask has gaps\nbetween set CPUs, for example SPARC. In this scenario addr_to_vb_xa()\nhash function can return an index which accesses to not-possible and not\nsetup CPU area using per_cpu() macro. This results in an oops on SPARC.\n\nA per-cpu vmap_block_queue is also used as hash table, incorrectly\nassuming the cpu_possible_mask has no gaps. Fix it by adjusting an index\nto a next possible CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41032",
"url": "https://www.suse.com/security/cve/CVE-2024-41032"
},
{
"category": "external",
"summary": "SUSE Bug 1228460 for CVE-2024-41032",
"url": "https://bugzilla.suse.com/1228460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41032"
},
{
"cve": "CVE-2024-41035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor\u0027s bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41035",
"url": "https://www.suse.com/security/cve/CVE-2024-41035"
},
{
"category": "external",
"summary": "SUSE Bug 1228485 for CVE-2024-41035",
"url": "https://bugzilla.suse.com/1228485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41035"
},
{
"cve": "CVE-2024-41036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the \u0027statelock\u0027 spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n call trace:\n queued_spin_lock_slowpath+0x100/0x284\n do_raw_spin_lock+0x34/0x44\n ks8851_start_xmit_spi+0x30/0xb8\n ks8851_start_xmit+0x14/0x20\n netdev_start_xmit+0x40/0x6c\n dev_hard_start_xmit+0x6c/0xbc\n sch_direct_xmit+0xa4/0x22c\n __qdisc_run+0x138/0x3fc\n qdisc_run+0x24/0x3c\n net_tx_action+0xf8/0x130\n handle_softirqs+0x1ac/0x1f0\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x3c/0x58\n do_softirq_own_stack+0x1c/0x28\n __irq_exit_rcu+0x54/0x9c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x50\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n __netif_schedule+0x6c/0x80\n netif_tx_wake_queue+0x38/0x48\n ks8851_irq+0xb8/0x2c8\n irq_thread_fn+0x2c/0x74\n irq_thread+0x10c/0x1b0\n kthread+0xc8/0xd8\n ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41036",
"url": "https://www.suse.com/security/cve/CVE-2024-41036"
},
{
"category": "external",
"summary": "SUSE Bug 1228496 for CVE-2024-41036",
"url": "https://bugzilla.suse.com/1228496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41036"
},
{
"cve": "CVE-2024-41037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: fix null deref on system suspend entry\n\nWhen system enters suspend with an active stream, SOF core\ncalls hw_params_upon_resume(). On Intel platforms with HDA DMA used\nto manage the link DMA, this leads to call chain of\n\n hda_dsp_set_hw_params_upon_resume()\n -\u003e hda_dsp_dais_suspend()\n -\u003e hda_dai_suspend()\n -\u003e hda_ipc4_post_trigger()\n\nA bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first,\nwhich clears hext_stream-\u003elink_substream, and then hda_ipc4_post_trigger()\nis called with a NULL snd_pcm_substream pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41037",
"url": "https://www.suse.com/security/cve/CVE-2024-41037"
},
{
"category": "external",
"summary": "SUSE Bug 1228508 for CVE-2024-41037",
"url": "https://bugzilla.suse.com/1228508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41037"
},
{
"cve": "CVE-2024-41038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers\n\nCheck that all fields of a V2 algorithm header fit into the available\nfirmware data buffer.\n\nThe wmfw V2 format introduced variable-length strings in the algorithm\nblock header. This means the overall header length is variable, and the\nposition of most fields varies depending on the length of the string\nfields. Each field must be checked to ensure that it does not overflow\nthe firmware data buffer.\n\nAs this ia bugfix patch, the fixes avoid making any significant change to\nthe existing code. This makes it easier to review and less likely to\nintroduce new bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41038",
"url": "https://www.suse.com/security/cve/CVE-2024-41038"
},
{
"category": "external",
"summary": "SUSE Bug 1228509 for CVE-2024-41038",
"url": "https://bugzilla.suse.com/1228509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41038"
},
{
"cve": "CVE-2024-41039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn\u0027t guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41039",
"url": "https://www.suse.com/security/cve/CVE-2024-41039"
},
{
"category": "external",
"summary": "SUSE Bug 1228515 for CVE-2024-41039",
"url": "https://bugzilla.suse.com/1228515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41039"
},
{
"cve": "CVE-2024-41040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix UAF when resolving a clash\n\nKASAN reports the following UAF:\n\n BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n Read of size 1 at addr ffff888c07603600 by task handler130/6469\n\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x48/0x70\n print_address_description.constprop.0+0x33/0x3d0\n print_report+0xc0/0x2b0\n kasan_report+0xd0/0x120\n __asan_load1+0x6c/0x80\n tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n tcf_ct_act+0x886/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n __irq_exit_rcu+0x82/0xc0\n irq_exit_rcu+0xe/0x20\n common_interrupt+0xa1/0xb0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x27/0x40\n\n Allocated by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_alloc_info+0x1e/0x40\n __kasan_krealloc+0x133/0x190\n krealloc+0xaa/0x130\n nf_ct_ext_add+0xed/0x230 [nf_conntrack]\n tcf_ct_act+0x1095/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\n Freed by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_free_info+0x2b/0x60\n ____kasan_slab_free+0x180/0x1f0\n __kasan_slab_free+0x12/0x30\n slab_free_freelist_hook+0xd2/0x1a0\n __kmem_cache_free+0x1a2/0x2f0\n kfree+0x78/0x120\n nf_conntrack_free+0x74/0x130 [nf_conntrack]\n nf_ct_destroy+0xb2/0x140 [nf_conntrack]\n __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack]\n nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack]\n __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack]\n tcf_ct_act+0x12ad/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\nThe ct may be dropped if a clash has been resolved but is still passed to\nthe tcf_ct_flow_table_process_conn function for further usage. This issue\ncan be fixed by retrieving ct from skb again after confirming conntrack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41040",
"url": "https://www.suse.com/security/cve/CVE-2024-41040"
},
{
"category": "external",
"summary": "SUSE Bug 1228518 for CVE-2024-41040",
"url": "https://bugzilla.suse.com/1228518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41040"
},
{
"cve": "CVE-2024-41041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().\n\nsyzkaller triggered the warning [0] in udp_v4_early_demux().\n\nIn udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount\nof the looked-up sk and use sock_pfree() as skb-\u003edestructor, so we check\nSOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace\nperiod.\n\nCurrently, SOCK_RCU_FREE is flagged for a bound socket after being put\ninto the hash table. Moreover, the SOCK_RCU_FREE check is done too early\nin udp_v[46]_early_demux() and sk_lookup(), so there could be a small race\nwindow:\n\n CPU1 CPU2\n ---- ----\n udp_v4_early_demux() udp_lib_get_port()\n | |- hlist_add_head_rcu()\n |- sk = __udp4_lib_demux_lookup() |\n |- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));\n `- sock_set_flag(sk, SOCK_RCU_FREE)\n\nWe had the same bug in TCP and fixed it in commit 871019b22d1b (\"net:\nset SOCK_RCU_FREE before inserting socket into hashtable\").\n\nLet\u0027s apply the same fix for UDP.\n\n[0]:\nWARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nModules linked in:\nCPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nCode: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe \u003c0f\u003e 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52\nRSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8318c92c\nRDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001\nRBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680\nR13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e\nFS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349\n ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624\n __netif_receive_skb+0x21/0xd0 net/core/dev.c:5738\n netif_receive_skb_internal net/core/dev.c:5824 [inline]\n netif_receive_skb+0x271/0x300 net/core/dev.c:5884\n tun_rx_batched drivers/net/tun.c:1549 [inline]\n tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002\n tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x76f/0x8d0 fs/read_write.c:590\n ksys_write+0xbf/0x190 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x41/0x50 fs/read_write.c:652\n x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fc44a68bc1f\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48\nRSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f\nR\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41041",
"url": "https://www.suse.com/security/cve/CVE-2024-41041"
},
{
"category": "external",
"summary": "SUSE Bug 1228520 for CVE-2024-41041",
"url": "https://bugzilla.suse.com/1228520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41041"
},
{
"cve": "CVE-2024-41044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince \u0027ppp_async_encode()\u0027 assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add \u0027ppp_check_packet()\u0027 to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41044",
"url": "https://www.suse.com/security/cve/CVE-2024-41044"
},
{
"category": "external",
"summary": "SUSE Bug 1228530 for CVE-2024-41044",
"url": "https://bugzilla.suse.com/1228530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41044"
},
{
"cve": "CVE-2024-41045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41045",
"url": "https://www.suse.com/security/cve/CVE-2024-41045"
},
{
"category": "external",
"summary": "SUSE Bug 1228531 for CVE-2024-41045",
"url": "https://bugzilla.suse.com/1228531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41045"
},
{
"cve": "CVE-2024-41048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Skip zero length skb in sk_msg_recvmsg\n\nWhen running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch\nplatform, the following kernel panic occurs:\n\n [...]\n Oops[#1]:\n CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18\n Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018\n ... ...\n ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560\n ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 0000000c (PPLV0 +PIE +PWE)\n EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n BADV: 0000000000000040\n PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)\n Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack\n Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...)\n Stack : ...\n Call Trace:\n [\u003c9000000004162774\u003e] copy_page_to_iter+0x74/0x1c0\n [\u003c90000000048bf6c0\u003e] sk_msg_recvmsg+0x120/0x560\n [\u003c90000000049f2b90\u003e] tcp_bpf_recvmsg_parser+0x170/0x4e0\n [\u003c90000000049aae34\u003e] inet_recvmsg+0x54/0x100\n [\u003c900000000481ad5c\u003e] sock_recvmsg+0x7c/0xe0\n [\u003c900000000481e1a8\u003e] __sys_recvfrom+0x108/0x1c0\n [\u003c900000000481e27c\u003e] sys_recvfrom+0x1c/0x40\n [\u003c9000000004c076ec\u003e] do_syscall+0x8c/0xc0\n [\u003c9000000003731da4\u003e] handle_syscall+0xc4/0x160\n Code: ...\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n Kernel relocated by 0x3510000\n .text @ 0x9000000003710000\n .data @ 0x9000000004d70000\n .bss @ 0x9000000006469400\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n [...]\n\nThis crash happens every time when running sockmap_skb_verdict_shutdown\nsubtest in sockmap_basic.\n\nThis crash is because a NULL pointer is passed to page_address() in the\nsk_msg_recvmsg(). Due to the different implementations depending on the\narchitecture, page_address(NULL) will trigger a panic on Loongarch\nplatform but not on x86 platform. So this bug was hidden on x86 platform\nfor a while, but now it is exposed on Loongarch platform. The root cause\nis that a zero length skb (skb-\u003elen == 0) was put on the queue.\n\nThis zero length skb is a TCP FIN packet, which was sent by shutdown(),\ninvoked in test_sockmap_skb_verdict_shutdown():\n\n\tshutdown(p1, SHUT_WR);\n\nIn this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no\npage is put to this sge (see sg_set_page in sg_set_page), but this empty\nsge is queued into ingress_msg list.\n\nAnd in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by\nsg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it\nto kmap_local_page() and to page_address(), then kernel panics.\n\nTo solve this, we should skip this zero length skb. So in sk_msg_recvmsg(),\nif copy is zero, that means it\u0027s a zero length skb, skip invoking\ncopy_page_to_iter(). We are using the EFAULT return triggered by\ncopy_page_to_iter to check for is_fin in tcp_bpf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41048",
"url": "https://www.suse.com/security/cve/CVE-2024-41048"
},
{
"category": "external",
"summary": "SUSE Bug 1228565 for CVE-2024-41048",
"url": "https://bugzilla.suse.com/1228565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41048"
},
{
"cve": "CVE-2024-41049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode\u0027s list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn\u0027t happen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41049",
"url": "https://www.suse.com/security/cve/CVE-2024-41049"
},
{
"category": "external",
"summary": "SUSE Bug 1228486 for CVE-2024-41049",
"url": "https://bugzilla.suse.com/1228486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41049"
},
{
"cve": "CVE-2024-41050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n t1 | t2 | t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, \u0026info-\u003ework)\n ondemand_object_worker\n cachefiles_ondemand_init_object(A)\n cachefiles_ondemand_send_req(OPEN)\n // get msg_id 6\n wait_for_completion(\u0026req_A-\u003edone)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n // Malicious completion msg_id 6\n copen 6,-1\n cachefiles_ondemand_copen\n complete(\u0026req_A-\u003edone)\n // will not set the object to close\n // because ondemand_id \u0026\u0026 fd is valid.\n\n // ondemand_object_worker() is done\n // but the object is still reopening.\n\n // new open req_B\n cachefiles_ondemand_init_object(B)\n cachefiles_ondemand_send_req(OPEN)\n // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41050",
"url": "https://www.suse.com/security/cve/CVE-2024-41050"
},
{
"category": "external",
"summary": "SUSE Bug 1228499 for CVE-2024-41050",
"url": "https://bugzilla.suse.com/1228499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41050"
},
{
"cve": "CVE-2024-41051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: wait for ondemand_object_worker to finish when dropping object\n\nWhen queuing ondemand_object_worker() to re-open the object,\ncachefiles_object is not pinned. The cachefiles_object may be freed when\nthe pending read request is completed intentionally and the related\nerofs is umounted. If ondemand_object_worker() runs after the object is\nfreed, it will incur use-after-free problem as shown below.\n\nprocess A processs B process C process D\n\ncachefiles_ondemand_send_req()\n// send a read req X\n// wait for its completion\n\n // close ondemand fd\n cachefiles_ondemand_fd_release()\n // set object as CLOSE\n\n cachefiles_ondemand_daemon_read()\n // set object as REOPENING\n queue_work(fscache_wq, \u0026info-\u003eondemand_work)\n\n // close /dev/cachefiles\n cachefiles_daemon_release\n cachefiles_flush_reqs\n complete(\u0026req-\u003edone)\n\n// read req X is completed\n// umount the erofs fs\ncachefiles_put_object()\n// object will be freed\ncachefiles_ondemand_deinit_obj_info()\nkmem_cache_free(object)\n // both info and object are freed\n ondemand_object_worker()\n\nWhen dropping an object, it is no longer necessary to reopen the object,\nso use cancel_work_sync() to cancel or wait for ondemand_object_worker()\nto finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41051",
"url": "https://www.suse.com/security/cve/CVE-2024-41051"
},
{
"category": "external",
"summary": "SUSE Bug 1228468 for CVE-2024-41051",
"url": "https://bugzilla.suse.com/1228468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41051"
},
{
"cve": "CVE-2024-41056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41056",
"url": "https://www.suse.com/security/cve/CVE-2024-41056"
},
{
"category": "external",
"summary": "SUSE Bug 1228480 for CVE-2024-41056",
"url": "https://bugzilla.suse.com/1228480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41056"
},
{
"cve": "CVE-2024-41057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600\nRead of size 8 at addr ffff888118efc000 by task kworker/u78:0/109\n\nCPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n cachefiles_withdraw_cookie+0x4d9/0x600\n fscache_cookie_state_machine+0x5c8/0x1230\n fscache_cookie_worker+0x91/0x1c0\n process_one_work+0x7fa/0x1800\n [...]\n\nAllocated by task 117:\n kmalloc_trace+0x1b3/0x3c0\n cachefiles_acquire_volume+0xf3/0x9c0\n fscache_create_volume_work+0x97/0x150\n process_one_work+0x7fa/0x1800\n [...]\n\nFreed by task 120301:\n kfree+0xf1/0x2c0\n cachefiles_withdraw_cache+0x3fa/0x920\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n do_exit+0x87a/0x29b0\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n p1 | p2\n------------------------------------------------------------\n fscache_begin_lookup\n fscache_begin_volume_access\n fscache_cache_is_live(fscache_cache)\ncachefiles_daemon_release\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n fscache_withdraw_cache\n fscache_set_cache_state(cache, FSCACHE_CACHE_IS_WITHDRAWN);\n cachefiles_withdraw_objects(cache)\n fscache_wait_for_objects(fscache)\n atomic_read(\u0026fscache_cache-\u003eobject_count) == 0\n fscache_perform_lookup\n cachefiles_lookup_cookie\n cachefiles_alloc_object\n refcount_set(\u0026object-\u003eref, 1);\n object-\u003evolume = volume\n fscache_count_object(vcookie-\u003ecache);\n atomic_inc(\u0026fscache_cache-\u003eobject_count)\n cachefiles_withdraw_volumes\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n __cachefiles_free_volume\n kfree(cachefiles_volume)\n fscache_cookie_state_machine\n cachefiles_withdraw_cookie\n cache = object-\u003evolume-\u003ecache;\n // cachefiles_volume UAF !!!\n\nAfter setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups\nto complete first, and then wait for fscache_cache-\u003eobject_count == 0 to\navoid the cookie exiting after the volume has been freed and triggering\nthe above issue. Therefore call fscache_withdraw_volume() before calling\ncachefiles_withdraw_objects().\n\nThis way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two\ncases will occur:\n1) fscache_begin_lookup fails in fscache_begin_volume_access().\n2) fscache_withdraw_volume() will ensure that fscache_count_object() has\n been executed before calling fscache_wait_for_objects().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41057",
"url": "https://www.suse.com/security/cve/CVE-2024-41057"
},
{
"category": "external",
"summary": "SUSE Bug 1228462 for CVE-2024-41057",
"url": "https://bugzilla.suse.com/1228462"
},
{
"category": "external",
"summary": "SUSE Bug 1229275 for CVE-2024-41057",
"url": "https://bugzilla.suse.com/1229275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41057"
},
{
"cve": "CVE-2024-41058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix slab-use-after-free in fscache_withdraw_volume()\n\nWe got the following issue in our fault injection stress test:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370\nRead of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798\n\nCPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565\nCall Trace:\n kasan_check_range+0xf6/0x1b0\n fscache_withdraw_volume+0x2e1/0x370\n cachefiles_withdraw_volume+0x31/0x50\n cachefiles_withdraw_cache+0x3ad/0x900\n cachefiles_put_unbind_pincount+0x1f6/0x250\n cachefiles_daemon_release+0x13b/0x290\n __fput+0x204/0xa00\n task_work_run+0x139/0x230\n\nAllocated by task 5820:\n __kmalloc+0x1df/0x4b0\n fscache_alloc_volume+0x70/0x600\n __fscache_acquire_volume+0x1c/0x610\n erofs_fscache_register_volume+0x96/0x1a0\n erofs_fscache_register_fs+0x49a/0x690\n erofs_fc_fill_super+0x6c0/0xcc0\n vfs_get_super+0xa9/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n\nFreed by task 5820:\n kfree+0xf1/0x2c0\n fscache_put_volume.part.0+0x5cb/0x9e0\n erofs_fscache_unregister_fs+0x157/0x1b0\n erofs_kill_sb+0xd9/0x1c0\n deactivate_locked_super+0xa3/0x100\n vfs_get_super+0x105/0x140\n vfs_get_tree+0x8e/0x300\n do_new_mount+0x28c/0x580\n [...]\n==================================================================\n\nFollowing is the process that triggers the issue:\n\n mount failed | daemon exit\n------------------------------------------------------------\n deactivate_locked_super cachefiles_daemon_release\n erofs_kill_sb\n erofs_fscache_unregister_fs\n fscache_relinquish_volume\n __fscache_relinquish_volume\n fscache_put_volume(fscache_volume, fscache_volume_put_relinquish)\n zero = __refcount_dec_and_test(\u0026fscache_volume-\u003eref, \u0026ref);\n cachefiles_put_unbind_pincount\n cachefiles_daemon_unbind\n cachefiles_withdraw_cache\n cachefiles_withdraw_volumes\n list_del_init(\u0026volume-\u003ecache_link)\n fscache_free_volume(fscache_volume)\n cache-\u003eops-\u003efree_volume\n cachefiles_free_volume\n list_del_init(\u0026cachefiles_volume-\u003ecache_link);\n kfree(fscache_volume)\n cachefiles_withdraw_volume\n fscache_withdraw_volume\n fscache_volume-\u003en_accesses\n // fscache_volume UAF !!!\n\nThe fscache_volume in cache-\u003evolumes must not have been freed yet, but its\nreference count may be 0. So use the new fscache_try_get_volume() helper\nfunction try to get its reference count.\n\nIf the reference count of fscache_volume is 0, fscache_put_volume() is\nfreeing it, so wait for it to be removed from cache-\u003evolumes.\n\nIf its reference count is not 0, call cachefiles_withdraw_volume() with\nreference count protection to avoid the above issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41058",
"url": "https://www.suse.com/security/cve/CVE-2024-41058"
},
{
"category": "external",
"summary": "SUSE Bug 1228459 for CVE-2024-41058",
"url": "https://bugzilla.suse.com/1228459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41058"
},
{
"cve": "CVE-2024-41059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value in copy_name\n\n[syzbot reported]\nBUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160\n sized_strscpy+0xc4/0x160\n copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411\n hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3877 [inline]\n slab_alloc_node mm/slub.c:3918 [inline]\n kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065\n kmalloc include/linux/slab.h:628 [inline]\n hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699\n vfs_listxattr fs/xattr.c:493 [inline]\n listxattr+0x1f3/0x6b0 fs/xattr.c:840\n path_listxattr fs/xattr.c:864 [inline]\n __do_sys_listxattr fs/xattr.c:876 [inline]\n __se_sys_listxattr fs/xattr.c:873 [inline]\n __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873\n x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[Fix]\nWhen allocating memory to strbuf, initialize memory to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41059",
"url": "https://www.suse.com/security/cve/CVE-2024-41059"
},
{
"category": "external",
"summary": "SUSE Bug 1228561 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228561"
},
{
"category": "external",
"summary": "SUSE Bug 1228573 for CVE-2024-41059",
"url": "https://bugzilla.suse.com/1228573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41059"
},
{
"cve": "CVE-2024-41060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check bo_va-\u003ebo is non-NULL before using it\n\nThe call to radeon_vm_clear_freed might clear bo_va-\u003ebo, so\nwe have to check it before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41060",
"url": "https://www.suse.com/security/cve/CVE-2024-41060"
},
{
"category": "external",
"summary": "SUSE Bug 1228567 for CVE-2024-41060",
"url": "https://bugzilla.suse.com/1228567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41060"
},
{
"cve": "CVE-2024-41061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport\n\n[Why]\nPotential out of bounds access in dml2_calculate_rq_and_dlg_params()\nbecause the value of out_lowest_state_idx used as an index for FCLKChangeSupport\narray can be greater than 1.\n\n[How]\nCurrently dml2 core specifies identical values for all FCLKChangeSupport\nelements. Always use index 0 in the condition to avoid out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41061",
"url": "https://www.suse.com/security/cve/CVE-2024-41061"
},
{
"category": "external",
"summary": "SUSE Bug 1228572 for CVE-2024-41061",
"url": "https://bugzilla.suse.com/1228572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41061"
},
{
"cve": "CVE-2024-41062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n CPU0 CPU1\n ---- ----\n sock_close hci_rx_work\n\t l2cap_sock_release hci_acldata_packet\n\t l2cap_sock_kill l2cap_recv_frame\n\t sk_free l2cap_conless_channel\n\t l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41062",
"url": "https://www.suse.com/security/cve/CVE-2024-41062"
},
{
"category": "external",
"summary": "SUSE Bug 1228576 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228576"
},
{
"category": "external",
"summary": "SUSE Bug 1228578 for CVE-2024-41062",
"url": "https://bugzilla.suse.com/1228578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41062"
},
{
"cve": "CVE-2024-41063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n destroy_workqueue(hdev-\u003eworkqueue);\n destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41063",
"url": "https://www.suse.com/security/cve/CVE-2024-41063"
},
{
"category": "external",
"summary": "SUSE Bug 1228580 for CVE-2024-41063",
"url": "https://bugzilla.suse.com/1228580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41063"
},
{
"cve": "CVE-2024-41064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev-\u003epdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev-\u003epdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev-\u003epdev-\u003ebus.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41064",
"url": "https://www.suse.com/security/cve/CVE-2024-41064"
},
{
"category": "external",
"summary": "SUSE Bug 1228599 for CVE-2024-41064",
"url": "https://bugzilla.suse.com/1228599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41064"
},
{
"cve": "CVE-2024-41065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 2828220f XER: 0000000e\n CFAR: c0000000001fdc80 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n Call Trace:\n usercopy_abort+0x74/0xb0 (unreliable)\n __check_heap_object+0xf8/0x120\n check_heap_object+0x218/0x240\n __check_object_size+0x84/0x1a4\n dtl_file_read+0x17c/0x2c4\n full_proxy_read+0x8c/0x110\n vfs_read+0xdc/0x3a0\n ksys_read+0x84/0x144\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41065",
"url": "https://www.suse.com/security/cve/CVE-2024-41065"
},
{
"category": "external",
"summary": "SUSE Bug 1228636 for CVE-2024-41065",
"url": "https://bugzilla.suse.com/1228636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41065"
},
{
"cve": "CVE-2024-41066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41066",
"url": "https://www.suse.com/security/cve/CVE-2024-41066"
},
{
"category": "external",
"summary": "SUSE Bug 1228640 for CVE-2024-41066",
"url": "https://bugzilla.suse.com/1228640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41066"
},
{
"cve": "CVE-2024-41068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix sclp_init() cleanup on failure\n\nIf sclp_init() fails it only partially cleans up: if there are multiple\nfailing calls to sclp_init() sclp_state_change_event will be added several\ntimes to sclp_reg_list, which results in the following warning:\n\n------------[ cut here ]------------\nlist_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.\nWARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3\nKrnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)\n R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\n...\nCall Trace:\n [\u003c000003ffe0d6076a\u003e] __list_add_valid_or_report+0xe2/0xf8\n([\u003c000003ffe0d60766\u003e] __list_add_valid_or_report+0xde/0xf8)\n [\u003c000003ffe0a8d37e\u003e] sclp_init+0x40e/0x450\n [\u003c000003ffe00009f2\u003e] do_one_initcall+0x42/0x1e0\n [\u003c000003ffe15b77a6\u003e] do_initcalls+0x126/0x150\n [\u003c000003ffe15b7a0a\u003e] kernel_init_freeable+0x1ba/0x1f8\n [\u003c000003ffe0d6650e\u003e] kernel_init+0x2e/0x180\n [\u003c000003ffe000301c\u003e] __ret_from_fork+0x3c/0x60\n [\u003c000003ffe0d759ca\u003e] ret_from_fork+0xa/0x30\n\nFix this by removing sclp_state_change_event from sclp_reg_list when\nsclp_init() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41068",
"url": "https://www.suse.com/security/cve/CVE-2024-41068"
},
{
"category": "external",
"summary": "SUSE Bug 1228579 for CVE-2024-41068",
"url": "https://bugzilla.suse.com/1228579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41068"
},
{
"cve": "CVE-2024-41069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41069",
"url": "https://www.suse.com/security/cve/CVE-2024-41069"
},
{
"category": "external",
"summary": "SUSE Bug 1228644 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "external",
"summary": "SUSE Bug 1228645 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41069"
},
{
"cve": "CVE-2024-41070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()\n\nAl reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().\n\nIt looks up `stt` from tablefd, but then continues to use it after doing\nfdput() on the returned fd. After the fdput() the tablefd is free to be\nclosed by another thread. The close calls kvm_spapr_tce_release() and\nthen release_spapr_tce_table() (via call_rcu()) which frees `stt`.\n\nAlthough there are calls to rcu_read_lock() in\nkvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent\nthe UAF, because `stt` is used outside the locked regions.\n\nWith an artifcial delay after the fdput() and a userspace program which\ntriggers the race, KASAN detects the UAF:\n\n BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505\n CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1\n Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV\n Call Trace:\n dump_stack_lvl+0xb4/0x108 (unreliable)\n print_report+0x2b4/0x6ec\n kasan_report+0x118/0x2b0\n __asan_load4+0xb8/0xd0\n kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]\n kvm_vfio_set_attr+0x524/0xac0 [kvm]\n kvm_device_ioctl+0x144/0x240 [kvm]\n sys_ioctl+0x62c/0x1810\n system_call_exception+0x190/0x440\n system_call_vectored_common+0x15c/0x2ec\n ...\n Freed by task 0:\n ...\n kfree+0xec/0x3e0\n release_spapr_tce_table+0xd4/0x11c [kvm]\n rcu_core+0x568/0x16a0\n handle_softirqs+0x23c/0x920\n do_softirq_own_stack+0x6c/0x90\n do_softirq_own_stack+0x58/0x90\n __irq_exit_rcu+0x218/0x2d0\n irq_exit+0x30/0x80\n arch_local_irq_restore+0x128/0x230\n arch_local_irq_enable+0x1c/0x30\n cpuidle_enter_state+0x134/0x5cc\n cpuidle_enter+0x6c/0xb0\n call_cpuidle+0x7c/0x100\n do_idle+0x394/0x410\n cpu_startup_entry+0x60/0x70\n start_secondary+0x3fc/0x410\n start_secondary_prolog+0x10/0x14\n\nFix it by delaying the fdput() until `stt` is no longer in use, which\nis effectively the entire function. To keep the patch minimal add a call\nto fdput() at each of the existing return paths. Future work can convert\nthe function to goto or __cleanup style cleanup.\n\nWith the fix in place the test case no longer triggers the UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41070",
"url": "https://www.suse.com/security/cve/CVE-2024-41070"
},
{
"category": "external",
"summary": "SUSE Bug 1228581 for CVE-2024-41070",
"url": "https://bugzilla.suse.com/1228581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41070"
},
{
"cve": "CVE-2024-41071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41071"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41071",
"url": "https://www.suse.com/security/cve/CVE-2024-41071"
},
{
"category": "external",
"summary": "SUSE Bug 1228625 for CVE-2024-41071",
"url": "https://bugzilla.suse.com/1228625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41071"
},
{
"cve": "CVE-2024-41072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: wext: add extra SIOCSIWSCAN data check\n\nIn \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of\nchannels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed\nIW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41072",
"url": "https://www.suse.com/security/cve/CVE-2024-41072"
},
{
"category": "external",
"summary": "SUSE Bug 1228626 for CVE-2024-41072",
"url": "https://bugzilla.suse.com/1228626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41072"
},
{
"cve": "CVE-2024-41073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41073",
"url": "https://www.suse.com/security/cve/CVE-2024-41073"
},
{
"category": "external",
"summary": "SUSE Bug 1228635 for CVE-2024-41073",
"url": "https://bugzilla.suse.com/1228635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41073"
},
{
"cve": "CVE-2024-41074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id \u003c 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id \u003c 0 in copen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41074",
"url": "https://www.suse.com/security/cve/CVE-2024-41074"
},
{
"category": "external",
"summary": "SUSE Bug 1228643 for CVE-2024-41074",
"url": "https://bugzilla.suse.com/1228643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41074"
},
{
"cve": "CVE-2024-41075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n * Generic, copen can only complete open requests, and cread can only\n complete read requests.\n * For copen, ondemand_id must not be 0, because this indicates that the\n request has not been read by the daemon.\n * For cread, the object corresponding to fd and req should be the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41075",
"url": "https://www.suse.com/security/cve/CVE-2024-41075"
},
{
"category": "external",
"summary": "SUSE Bug 1228646 for CVE-2024-41075",
"url": "https://bugzilla.suse.com/1228646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41075"
},
{
"cve": "CVE-2024-41076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix memory leak in nfs4_set_security_label\n\nWe leak nfs_fattr and nfs4_label every time we set a security xattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41076",
"url": "https://www.suse.com/security/cve/CVE-2024-41076"
},
{
"category": "external",
"summary": "SUSE Bug 1228649 for CVE-2024-41076",
"url": "https://bugzilla.suse.com/1228649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41076"
},
{
"cve": "CVE-2024-41078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix quota root leak after quota disable failure\n\nIf during the quota disable we fail when cleaning the quota tree or when\ndeleting the root from the root tree, we jump to the \u0027out\u0027 label without\never dropping the reference on the quota root, resulting in a leak of the\nroot since fs_info-\u003equota_root is no longer pointing to the root (we have\nset it to NULL just before those steps).\n\nFix this by always doing a btrfs_put_root() call under the \u0027out\u0027 label.\nThis is a problem that exists since qgroups were first added in 2012 by\ncommit bed92eae26cc (\"Btrfs: qgroup implementation and prototypes\"), but\nback then we missed a kfree on the quota root and free_extent_buffer()\ncalls on its root and commit root nodes, since back then roots were not\nyet reference counted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41078",
"url": "https://www.suse.com/security/cve/CVE-2024-41078"
},
{
"category": "external",
"summary": "SUSE Bug 1228655 for CVE-2024-41078",
"url": "https://bugzilla.suse.com/1228655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41078"
},
{
"cve": "CVE-2024-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn\u0027t mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet\u0027s make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41079",
"url": "https://www.suse.com/security/cve/CVE-2024-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1228615 for CVE-2024-41079",
"url": "https://bugzilla.suse.com/1228615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41079"
},
{
"cve": "CVE-2024-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix possible deadlock in io_register_iowq_max_workers()\n\nThe io_register_iowq_max_workers() function calls io_put_sq_data(),\nwhich acquires the sqd-\u003elock without releasing the uring_lock.\nSimilar to the commit 009ad9f0c6ee (\"io_uring: drop ctx-\u003euring_lock\nbefore acquiring sqd-\u003elock\"), this can lead to a potential deadlock\nsituation.\n\nTo resolve this issue, the uring_lock is released before calling\nio_put_sq_data(), and then it is re-acquired after the function call.\n\nThis change ensures that the locks are acquired in the correct\norder, preventing the possibility of a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41080",
"url": "https://www.suse.com/security/cve/CVE-2024-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1228616 for CVE-2024-41080",
"url": "https://bugzilla.suse.com/1228616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41080"
},
{
"cve": "CVE-2024-41081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: block BH in ila_output()\n\nAs explained in commit 1378817486d6 (\"tipc: block BH\nbefore using dst_cache\"), net/core/dst_cache.c\nhelpers need to be called with BH disabled.\n\nila_output() is called from lwtunnel_output()\npossibly from process context, and under rcu_read_lock().\n\nWe might be interrupted by a softirq, re-enter ila_output()\nand corrupt dst_cache data structures.\n\nFix the race by using local_bh_disable().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41081",
"url": "https://www.suse.com/security/cve/CVE-2024-41081"
},
{
"category": "external",
"summary": "SUSE Bug 1228617 for CVE-2024-41081",
"url": "https://bugzilla.suse.com/1228617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41081"
},
{
"cve": "CVE-2024-41084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Avoid null pointer dereference in region lookup\n\ncxl_dpa_to_region() looks up a region based on a memdev and DPA.\nIt wrongly assumes an endpoint found mapping the DPA is also of\na fully assembled region. When not true it leads to a null pointer\ndereference looking up the region name.\n\nThis appears during testing of region lookup after a failure to\nassemble a BIOS defined region or if the lookup raced with the\nassembly of the BIOS defined region.\n\nFailure to clean up BIOS defined regions that fail assembly is an\nissue in itself and a fix to that problem will alleviate some of\nthe impact. It will not alleviate the race condition so let\u0027s harden\nthis path.\n\nThe behavior change is that the kernel oops due to a null pointer\ndereference is replaced with a dev_dbg() message noting that an\nendpoint was mapped.\n\nAdditional comments are added so that future users of this function\ncan more clearly understand what it provides.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41084",
"url": "https://www.suse.com/security/cve/CVE-2024-41084"
},
{
"category": "external",
"summary": "SUSE Bug 1228472 for CVE-2024-41084",
"url": "https://bugzilla.suse.com/1228472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41084"
},
{
"cve": "CVE-2024-41087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix double free on error\n\nIf e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump\nto the err_out label, which will call devres_release_group().\ndevres_release_group() will trigger a call to ata_host_release().\nata_host_release() calls kfree(host), so executing the kfree(host) in\nata_host_alloc() will lead to a double free:\n\nkernel BUG at mm/slub.c:553!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:kfree+0x2cf/0x2f0\nCode: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da\nRSP: 0018:ffffc90000f377f0 EFLAGS: 00010246\nRAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320\nRDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0\nRBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780\nR13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006\nFS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x6a/0x90\n ? kfree+0x2cf/0x2f0\n ? exc_invalid_op+0x50/0x70\n ? kfree+0x2cf/0x2f0\n ? asm_exc_invalid_op+0x1a/0x20\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? ata_host_alloc+0xf5/0x120 [libata]\n ? kfree+0x2cf/0x2f0\n ata_host_alloc+0xf5/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nEnsure that we will not call kfree(host) twice, by performing the kfree()\nonly if the devres_open_group() call failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41087",
"url": "https://www.suse.com/security/cve/CVE-2024-41087"
},
{
"category": "external",
"summary": "SUSE Bug 1228466 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228466"
},
{
"category": "external",
"summary": "SUSE Bug 1228740 for CVE-2024-41087",
"url": "https://bugzilla.suse.com/1228740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-41087"
},
{
"cve": "CVE-2024-41088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41088",
"url": "https://www.suse.com/security/cve/CVE-2024-41088"
},
{
"category": "external",
"summary": "SUSE Bug 1228469 for CVE-2024-41088",
"url": "https://bugzilla.suse.com/1228469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41088"
},
{
"cve": "CVE-2024-41089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41089",
"url": "https://www.suse.com/security/cve/CVE-2024-41089"
},
{
"category": "external",
"summary": "SUSE Bug 1228658 for CVE-2024-41089",
"url": "https://bugzilla.suse.com/1228658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41089"
},
{
"cve": "CVE-2024-41092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41092",
"url": "https://www.suse.com/security/cve/CVE-2024-41092"
},
{
"category": "external",
"summary": "SUSE Bug 1228483 for CVE-2024-41092",
"url": "https://bugzilla.suse.com/1228483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41092"
},
{
"cve": "CVE-2024-41093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41093",
"url": "https://www.suse.com/security/cve/CVE-2024-41093"
},
{
"category": "external",
"summary": "SUSE Bug 1228660 for CVE-2024-41093",
"url": "https://bugzilla.suse.com/1228660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41093"
},
{
"cve": "CVE-2024-41094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Only set smem_start is enable per module option\n\nOnly export struct fb_info.fix.smem_start if that is required by the\nuser and the memory does not come from vmalloc().\n\nSetting struct fb_info.fix.smem_start breaks systems where DMA\nmemory is backed by vmalloc address space. An example error is\nshown below.\n\n[ 3.536043] ------------[ cut here ]------------\n[ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000)\n[ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98\n[ 3.565455] Modules linked in:\n[ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty #250\n[ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 3.582452] Workqueue: events_unbound deferred_probe_work_func\n[ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3.595233] pc : __virt_to_phys+0x68/0x98\n[ 3.599246] lr : __virt_to_phys+0x68/0x98\n[ 3.603276] sp : ffff800083603990\n[ 3.677939] Call trace:\n[ 3.680393] __virt_to_phys+0x68/0x98\n[ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238\n[ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0\n[ 3.695385] drm_fb_helper_initial_config+0x4c/0x68\n[ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0\n[ 3.705161] drm_client_register+0x60/0xb0\n[ 3.709269] drm_fbdev_dma_setup+0x94/0x148\n\nAdditionally, DMA memory is assumed to by contiguous in physical\naddress space, which is not guaranteed by vmalloc().\n\nResolve this by checking the module flag drm_leak_fbdev_smem when\nDRM allocated the instance of struct fb_info. Fbdev-dma then only\nsets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also\nguarantee that the framebuffer is not located in vmalloc address\nspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41094",
"url": "https://www.suse.com/security/cve/CVE-2024-41094"
},
{
"category": "external",
"summary": "SUSE Bug 1228458 for CVE-2024-41094",
"url": "https://bugzilla.suse.com/1228458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41094"
},
{
"cve": "CVE-2024-41095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41095",
"url": "https://www.suse.com/security/cve/CVE-2024-41095"
},
{
"category": "external",
"summary": "SUSE Bug 1228662 for CVE-2024-41095",
"url": "https://bugzilla.suse.com/1228662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41095"
},
{
"cve": "CVE-2024-41096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/MSI: Fix UAF in msi_capability_init\n\nKFENCE reports the following UAF:\n\n BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488\n\n Use-after-free read at 0x0000000024629571 (in kfence-#12):\n __pci_enable_msi_range+0x2c0/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128\n\n allocated by task 81 on cpu 7 at 10.808142s:\n __kmem_cache_alloc_node+0x1f0/0x2bc\n kmalloc_trace+0x44/0x138\n msi_alloc_desc+0x3c/0x9c\n msi_domain_insert_msi_desc+0x30/0x78\n msi_setup_msi_desc+0x13c/0x184\n __pci_enable_msi_range+0x258/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\n freed by task 81 on cpu 7 at 10.811436s:\n msi_domain_free_descs+0xd4/0x10c\n msi_domain_free_locked.part.0+0xc0/0x1d8\n msi_domain_alloc_irqs_all_locked+0xb4/0xbc\n pci_msi_setup_msi_irqs+0x30/0x4c\n __pci_enable_msi_range+0x2a8/0x488\n pci_alloc_irq_vectors_affinity+0xec/0x14c\n pci_alloc_irq_vectors+0x18/0x28\n\nDescriptor allocation done in:\n__pci_enable_msi_range\n msi_capability_init\n msi_setup_msi_desc\n msi_insert_msi_desc\n msi_domain_insert_msi_desc\n msi_alloc_desc\n ...\n\nFreed in case of failure in __msi_domain_alloc_locked()\n__pci_enable_msi_range\n msi_capability_init\n pci_msi_setup_msi_irqs\n msi_domain_alloc_irqs_all_locked\n msi_domain_alloc_locked\n __msi_domain_alloc_locked =\u003e fails\n msi_domain_free_locked\n ...\n\nThat failure propagates back to pci_msi_setup_msi_irqs() in\nmsi_capability_init() which accesses the descriptor for unmasking in the\nerror exit path.\n\nCure it by copying the descriptor and using the copy for the error exit path\nunmask operation.\n\n[ tglx: Massaged change log ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41096",
"url": "https://www.suse.com/security/cve/CVE-2024-41096"
},
{
"category": "external",
"summary": "SUSE Bug 1228479 for CVE-2024-41096",
"url": "https://bugzilla.suse.com/1228479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41096"
},
{
"cve": "CVE-2024-41097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41097",
"url": "https://www.suse.com/security/cve/CVE-2024-41097"
},
{
"category": "external",
"summary": "SUSE Bug 1228513 for CVE-2024-41097",
"url": "https://bugzilla.suse.com/1228513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41097"
},
{
"cve": "CVE-2024-41098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Fix null pointer dereference on error\n\nIf the ata_port_alloc() call in ata_host_alloc() fails,\nata_host_release() will get called.\n\nHowever, the code in ata_host_release() tries to free ata_port struct\nmembers unconditionally, which can lead to the following:\n\nBUG: unable to handle page fault for address: 0000000000003990\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]\nCode: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41\nRSP: 0018:ffffc90000ebb968 EFLAGS: 00010246\nRAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0\nRBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68\nR10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004\nR13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006\nFS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? ata_host_release.cold+0x2f/0x6e [libata]\n ? ata_host_release.cold+0x2f/0x6e [libata]\n release_nodes+0x35/0xb0\n devres_release_group+0x113/0x140\n ata_host_alloc+0xed/0x120 [libata]\n ata_host_alloc_pinfo+0x14/0xa0 [libata]\n ahci_init_one+0x6c9/0xd20 [ahci]\n\nDo not access ata_port struct members unconditionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41098",
"url": "https://www.suse.com/security/cve/CVE-2024-41098"
},
{
"category": "external",
"summary": "SUSE Bug 1228467 for CVE-2024-41098",
"url": "https://bugzilla.suse.com/1228467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-41098"
},
{
"cve": "CVE-2024-42064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip pipe if the pipe idx not set properly\n\n[why]\nDriver crashes when pipe idx not set properly\n\n[how]\nAdd code to skip the pipe that idx not set properly",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42064",
"url": "https://www.suse.com/security/cve/CVE-2024-42064"
},
{
"category": "external",
"summary": "SUSE Bug 1228586 for CVE-2024-42064",
"url": "https://bugzilla.suse.com/1228586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42064"
},
{
"cve": "CVE-2024-42069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function adev_release\ncalls kfree(madev). We shouldn\u0027t call kfree(madev) again\nin the error handling path. Set \u0027madev\u0027 to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42069",
"url": "https://www.suse.com/security/cve/CVE-2024-42069"
},
{
"category": "external",
"summary": "SUSE Bug 1228463 for CVE-2024-42069",
"url": "https://bugzilla.suse.com/1228463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42069"
},
{
"cve": "CVE-2024-42070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42070",
"url": "https://www.suse.com/security/cve/CVE-2024-42070"
},
{
"category": "external",
"summary": "SUSE Bug 1228470 for CVE-2024-42070",
"url": "https://bugzilla.suse.com/1228470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems\n\nThe following two shared buffer operations make use of the Shared Buffer\nStatus Register (SBSR):\n\n # devlink sb occupancy snapshot pci/0000:01:00.0\n # devlink sb occupancy clearmax pci/0000:01:00.0\n\nThe register has two masks of 256 bits to denote on which ingress /\negress ports the register should operate on. Spectrum-4 has more than\n256 ports, so the register was extended by cited commit with a new\n\u0027port_page\u0027 field.\n\nHowever, when filling the register\u0027s payload, the driver specifies the\nports as absolute numbers and not relative to the first port of the port\npage, resulting in memory corruptions [1].\n\nFix by specifying the ports relative to the first port of the port page.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\nRead of size 1 at addr ffff8881068cb00f by task devlink/1566\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\n mlxsw_devlink_sb_occ_snapshot+0x75/0xb0\n devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0\n genl_family_rcv_msg_doit+0x20c/0x300\n genl_rcv_msg+0x567/0x800\n netlink_rcv_skb+0x170/0x450\n genl_rcv+0x2d/0x40\n netlink_unicast+0x547/0x830\n netlink_sendmsg+0x8d4/0xdb0\n __sys_sendto+0x49b/0x510\n __x64_sys_sendto+0xe5/0x1c0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[...]\nAllocated by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n copy_verifier_state+0xbc2/0xfb0\n do_check_common+0x2c51/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x109/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xca/0x2b0\n free_verifier_state+0xce/0x270\n do_check_common+0x4828/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42073",
"url": "https://www.suse.com/security/cve/CVE-2024-42073"
},
{
"category": "external",
"summary": "SUSE Bug 1228457 for CVE-2024-42073",
"url": "https://bugzilla.suse.com/1228457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42073"
},
{
"cve": "CVE-2024-42074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip-\u003echip_pdev value will\nremain NULL. Add NULL check for chip-\u003echip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42074",
"url": "https://www.suse.com/security/cve/CVE-2024-42074"
},
{
"category": "external",
"summary": "SUSE Bug 1228481 for CVE-2024-42074",
"url": "https://bugzilla.suse.com/1228481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42074"
},
{
"cve": "CVE-2024-42076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn\u0027t initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42076",
"url": "https://www.suse.com/security/cve/CVE-2024-42076"
},
{
"category": "external",
"summary": "SUSE Bug 1228484 for CVE-2024-42076",
"url": "https://bugzilla.suse.com/1228484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42076"
},
{
"cve": "CVE-2024-42077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42077",
"url": "https://www.suse.com/security/cve/CVE-2024-42077"
},
{
"category": "external",
"summary": "SUSE Bug 1228516 for CVE-2024-42077",
"url": "https://bugzilla.suse.com/1228516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-42079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix NULL pointer dereference in gfs2_log_flush\n\nIn gfs2_jindex_free(), set sdp-\u003esd_jdesc to NULL under the log flush\nlock to provide exclusion against gfs2_log_flush().\n\nIn gfs2_log_flush(), check if sdp-\u003esd_jdesc is non-NULL before\ndereferencing it. Otherwise, we could run into a NULL pointer\ndereference when outstanding glock work races with an unmount\n(glock_work_func -\u003e run_queue -\u003e do_xmote -\u003e inode_go_sync -\u003e\ngfs2_log_flush).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42079",
"url": "https://www.suse.com/security/cve/CVE-2024-42079"
},
{
"category": "external",
"summary": "SUSE Bug 1228672 for CVE-2024-42079",
"url": "https://bugzilla.suse.com/1228672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42079"
},
{
"cve": "CVE-2024-42080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry\u0027s kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42080",
"url": "https://www.suse.com/security/cve/CVE-2024-42080"
},
{
"category": "external",
"summary": "SUSE Bug 1228673 for CVE-2024-42080",
"url": "https://bugzilla.suse.com/1228673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42080"
},
{
"cve": "CVE-2024-42082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n 1. memory allocation fails;\n 2. rhashtable_init() fails when some fields of rhashtable_params\n struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42082",
"url": "https://www.suse.com/security/cve/CVE-2024-42082"
},
{
"category": "external",
"summary": "SUSE Bug 1228482 for CVE-2024-42082",
"url": "https://bugzilla.suse.com/1228482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock\n\nWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system\nto enter suspend status with below command:\necho mem \u003e /sys/power/state\nThere will be a deadlock issue occurring. Detailed invoking path as\nbelow:\ndwc3_suspend_common()\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 1st\n dwc3_gadget_suspend(dwc);\n dwc3_gadget_soft_disconnect(dwc);\n spin_lock_irqsave(\u0026dwc-\u003elock, flags); \u003c-- 2nd\nThis issue is exposed by commit c7ebd8149ee5 (\"usb: dwc3: gadget: Fix\nNULL pointer dereference in dwc3_gadget_suspend\") that removes the code\nof checking whether dwc-\u003egadget_driver is NULL or not. It causes the\nfollowing code is executed and deadlock occurs when trying to get the\nspinlock. In fact, the root cause is the commit 5265397f9442(\"usb: dwc3:\nRemove DWC3 locking during gadget suspend/resume\") that forgot to remove\nthe lock of otg mode. So, remove the redundant lock of otg mode during\ngadget suspend/resume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42085",
"url": "https://www.suse.com/security/cve/CVE-2024-42085"
},
{
"category": "external",
"summary": "SUSE Bug 1228456 for CVE-2024-42085",
"url": "https://bugzilla.suse.com/1228456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42085"
},
{
"cve": "CVE-2024-42086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42086",
"url": "https://www.suse.com/security/cve/CVE-2024-42086"
},
{
"category": "external",
"summary": "SUSE Bug 1228452 for CVE-2024-42086",
"url": "https://bugzilla.suse.com/1228452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42086"
},
{
"cve": "CVE-2024-42087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep\n\nThe ilitek-ili9881c controls the reset GPIO using the non-sleeping\ngpiod_set_value() function. This complains loudly when the GPIO\ncontroller needs to sleep. As the caller can sleep, use\ngpiod_set_value_cansleep() to fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42087",
"url": "https://www.suse.com/security/cve/CVE-2024-42087"
},
{
"category": "external",
"summary": "SUSE Bug 1228677 for CVE-2024-42087",
"url": "https://bugzilla.suse.com/1228677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42087"
},
{
"cve": "CVE-2024-42089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42089",
"url": "https://www.suse.com/security/cve/CVE-2024-42089"
},
{
"category": "external",
"summary": "SUSE Bug 1228450 for CVE-2024-42089",
"url": "https://bugzilla.suse.com/1228450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42089"
},
{
"cve": "CVE-2024-42090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\n\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\n\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42090",
"url": "https://www.suse.com/security/cve/CVE-2024-42090"
},
{
"category": "external",
"summary": "SUSE Bug 1228449 for CVE-2024-42090",
"url": "https://bugzilla.suse.com/1228449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42090"
},
{
"cve": "CVE-2024-42092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata-\u003egpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips-\u003eirqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won\u0027t exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42092",
"url": "https://www.suse.com/security/cve/CVE-2024-42092"
},
{
"category": "external",
"summary": "SUSE Bug 1228447 for CVE-2024-42092",
"url": "https://bugzilla.suse.com/1228447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42092"
},
{
"cve": "CVE-2024-42093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42093",
"url": "https://www.suse.com/security/cve/CVE-2024-42093"
},
{
"category": "external",
"summary": "SUSE Bug 1228680 for CVE-2024-42093",
"url": "https://bugzilla.suse.com/1228680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42095",
"url": "https://www.suse.com/security/cve/CVE-2024-42095"
},
{
"category": "external",
"summary": "SUSE Bug 1228446 for CVE-2024-42095",
"url": "https://bugzilla.suse.com/1228446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42095"
},
{
"cve": "CVE-2024-42096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: stop playing stack games in profile_pc()\n\nThe \u0027profile_pc()\u0027 function is used for timer-based profiling, which\nisn\u0027t really all that relevant any more to begin with, but it also ends\nup making assumptions based on the stack layout that aren\u0027t necessarily\nvalid.\n\nBasically, the code tries to account the time spent in spinlocks to the\ncaller rather than the spinlock, and while I support that as a concept,\nit\u0027s not worth the code complexity or the KASAN warnings when no serious\nprofiling is done using timers anyway these days.\n\nAnd the code really does depend on stack layout that is only true in the\nsimplest of cases. We\u0027ve lost the comment at some point (I think when\nthe 32-bit and 64-bit code was unified), but it used to say:\n\n\tAssume the lock function has either no stack frame or a copy\n\tof eflags from PUSHF.\n\nwhich explains why it just blindly loads a word or two straight off the\nstack pointer and then takes a minimal look at the values to just check\nif they might be eflags or the return pc:\n\n\tEflags always has bits 22 and up cleared unlike kernel addresses\n\nbut that basic stack layout assumption assumes that there isn\u0027t any lock\ndebugging etc going on that would complicate the code and cause a stack\nframe.\n\nIt causes KASAN unhappiness reported for years by syzkaller [1] and\nothers [2].\n\nWith no real practical reason for this any more, just remove the code.\n\nJust for historical interest, here\u0027s some background commits relating to\nthis code from 2006:\n\n 0cb91a229364 (\"i386: Account spinlocks to the caller during profiling for !FP kernels\")\n 31679f38d886 (\"Simplify profile_pc on x86-64\")\n\nand a code unification from 2009:\n\n ef4512882dbe (\"x86: time_32/64.c unify profile_pc\")\n\nbut the basics of this thing actually goes back to before the git tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42096",
"url": "https://www.suse.com/security/cve/CVE-2024-42096"
},
{
"category": "external",
"summary": "SUSE Bug 1228633 for CVE-2024-42096",
"url": "https://bugzilla.suse.com/1228633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42097",
"url": "https://www.suse.com/security/cve/CVE-2024-42097"
},
{
"category": "external",
"summary": "SUSE Bug 1228766 for CVE-2024-42097",
"url": "https://bugzilla.suse.com/1228766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42097"
},
{
"cve": "CVE-2024-42098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42098",
"url": "https://www.suse.com/security/cve/CVE-2024-42098"
},
{
"category": "external",
"summary": "SUSE Bug 1228779 for CVE-2024-42098",
"url": "https://bugzilla.suse.com/1228779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42098"
},
{
"cve": "CVE-2024-42101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42101",
"url": "https://www.suse.com/security/cve/CVE-2024-42101"
},
{
"category": "external",
"summary": "SUSE Bug 1228495 for CVE-2024-42101",
"url": "https://bugzilla.suse.com/1228495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42101"
},
{
"cve": "CVE-2024-42104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: add missing check for inode numbers on directory entries\n\nSyzbot reported that mounting and unmounting a specific pattern of\ncorrupted nilfs2 filesystem images causes a use-after-free of metadata\nfile inodes, which triggers a kernel bug in lru_add_fn().\n\nAs Jan Kara pointed out, this is because the link count of a metadata file\ngets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),\ntries to delete that inode (ifile inode in this case).\n\nThe inconsistency occurs because directories containing the inode numbers\nof these metadata files that should not be visible in the namespace are\nread without checking.\n\nFix this issue by treating the inode numbers of these internal files as\nerrors in the sanity check helper when reading directory folios/pages.\n\nAlso thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer\nanalysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42104",
"url": "https://www.suse.com/security/cve/CVE-2024-42104"
},
{
"category": "external",
"summary": "SUSE Bug 1228654 for CVE-2024-42104",
"url": "https://bugzilla.suse.com/1228654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42104"
},
{
"cve": "CVE-2024-42105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix inode number range checks\n\nPatch series \"nilfs2: fix potential issues related to reserved inodes\".\n\nThis series fixes one use-after-free issue reported by syzbot, caused by\nnilfs2\u0027s internal inode being exposed in the namespace on a corrupted\nfilesystem, and a couple of flaws that cause problems if the starting\nnumber of non-reserved inodes written in the on-disk super block is\nintentionally (or corruptly) changed from its default value. \n\n\nThis patch (of 3):\n\nIn the current implementation of nilfs2, \"nilfs-\u003ens_first_ino\", which\ngives the first non-reserved inode number, is read from the superblock,\nbut its lower limit is not checked.\n\nAs a result, if a number that overlaps with the inode number range of\nreserved inodes such as the root directory or metadata files is set in the\nsuper block parameter, the inode number test macros (NILFS_MDT_INODE and\nNILFS_VALID_INODE) will not function properly.\n\nIn addition, these test macros use left bit-shift calculations using with\nthe inode number as the shift count via the BIT macro, but the result of a\nshift calculation that exceeds the bit width of an integer is undefined in\nthe C specification, so if \"ns_first_ino\" is set to a large value other\nthan the default value NILFS_USER_INO (=11), the macros may potentially\nmalfunction depending on the environment.\n\nFix these issues by checking the lower bound of \"nilfs-\u003ens_first_ino\" and\nby preventing bit shifts equal to or greater than the NILFS_USER_INO\nconstant in the inode number test macros.\n\nAlso, change the type of \"ns_first_ino\" from signed integer to unsigned\ninteger to avoid the need for type casting in comparisons such as the\nlower bound check introduced this time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42105",
"url": "https://www.suse.com/security/cve/CVE-2024-42105"
},
{
"category": "external",
"summary": "SUSE Bug 1228665 for CVE-2024-42105",
"url": "https://bugzilla.suse.com/1228665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42105"
},
{
"cve": "CVE-2024-42106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42106",
"url": "https://www.suse.com/security/cve/CVE-2024-42106"
},
{
"category": "external",
"summary": "SUSE Bug 1228493 for CVE-2024-42106",
"url": "https://bugzilla.suse.com/1228493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42106"
},
{
"cve": "CVE-2024-42107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42107",
"url": "https://www.suse.com/security/cve/CVE-2024-42107"
},
{
"category": "external",
"summary": "SUSE Bug 1228494 for CVE-2024-42107",
"url": "https://bugzilla.suse.com/1228494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42107"
},
{
"cve": "CVE-2024-42109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally flush pending work before notifier\n\nsyzbot reports:\n\nKASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831\nKASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530\nKASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\nRead of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45\n[..]\nWorkqueue: events nf_tables_trans_destroy_work\nCall Trace:\n nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline]\n nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline]\n nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\n\nProblem is that the notifier does a conditional flush, but its possible\nthat the table-to-be-removed is still referenced by transactions being\nprocessed by the worker, so we need to flush unconditionally.\n\nWe could make the flush_work depend on whether we found a table to delete\nin nf-next to avoid the flush for most cases.\n\nAFAICS this problem is only exposed in nf-next, with\ncommit e169285f8c56 (\"netfilter: nf_tables: do not store nft_ctx in transaction objects\"),\nwith this commit applied there is an unconditional fetch of\ntable-\u003efamily which is whats triggering the above splat.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42109",
"url": "https://www.suse.com/security/cve/CVE-2024-42109"
},
{
"category": "external",
"summary": "SUSE Bug 1228505 for CVE-2024-42109",
"url": "https://bugzilla.suse.com/1228505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42109"
},
{
"cve": "CVE-2024-42110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514] \u003cTASK\u003e\n[74412.586933] dump_stack_lvl+0x55/0x70\n[74412.591129] check_preemption_disabled+0xc8/0xf0\n[74412.596374] netif_rx_internal+0x42/0x130\n[74412.600957] __netif_rx+0x20/0xd0\n[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046] irq_thread_fn+0x21/0x60\n[74412.638134] ? irq_thread+0xa8/0x290\n[74412.642218] irq_thread+0x1a0/0x290\n[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117] ? __pfx_irq_thread+0x10/0x10\n[74412.660686] kthread+0x100/0x130\n[74412.664384] ? __pfx_kthread+0x10/0x10\n[74412.668639] ret_from_fork+0x31/0x50\n[74412.672716] ? __pfx_kthread+0x10/0x10\n[74412.676978] ret_from_fork_asm+0x1a/0x30\n[74412.681457] \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should\u0027ve been a noop instead. However, the code precedes this\nfix should\u0027ve been using netif_rx_ni() or netif_rx_any_context().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42110",
"url": "https://www.suse.com/security/cve/CVE-2024-42110"
},
{
"category": "external",
"summary": "SUSE Bug 1228501 for CVE-2024-42110",
"url": "https://bugzilla.suse.com/1228501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42110"
},
{
"cve": "CVE-2024-42113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\n\nWhen using MSI/INTx interrupts, wx-\u003enum_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42113",
"url": "https://www.suse.com/security/cve/CVE-2024-42113"
},
{
"category": "external",
"summary": "SUSE Bug 1228568 for CVE-2024-42113",
"url": "https://bugzilla.suse.com/1228568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42113"
},
{
"cve": "CVE-2024-42114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [\u003cffff80008ae8778c\u003e] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [\u003cffff80008ae85378\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [\u003cffff80008907e82c\u003e] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [\u003cffff80008904166c\u003e] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42114",
"url": "https://www.suse.com/security/cve/CVE-2024-42114"
},
{
"category": "external",
"summary": "SUSE Bug 1228564 for CVE-2024-42114",
"url": "https://bugzilla.suse.com/1228564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42114"
},
{
"cve": "CVE-2024-42115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829] ESR = 0x96000004\n[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564] SET = 0, FnV = 0\n[ 2430.650795] EA = 0, S1PTW = 0\n[ 2430.651032] FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683] ISV = 0, ISS = 0x00000004\n[ 2430.652001] CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528] kfree+0x78/0x348\n[ 2430.664855] jffs2_free_inode+0x24/0x48\n[ 2430.665233] i_callback+0x24/0x50\n[ 2430.665528] rcu_do_batch+0x1ac/0x448\n[ 2430.665892] rcu_core+0x28c/0x3c8\n[ 2430.666151] rcu_core_si+0x18/0x28\n[ 2430.666473] __do_softirq+0x138/0x3cc\n[ 2430.666781] irq_exit+0xf0/0x110\n[ 2430.667065] handle_domain_irq+0x6c/0x98\n[ 2430.667447] gic_handle_irq+0xac/0xe8\n[ 2430.667739] call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42115",
"url": "https://www.suse.com/security/cve/CVE-2024-42115"
},
{
"category": "external",
"summary": "SUSE Bug 1228656 for CVE-2024-42115",
"url": "https://bugzilla.suse.com/1228656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42115"
},
{
"cve": "CVE-2024-42117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers\u0027 array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42117",
"url": "https://www.suse.com/security/cve/CVE-2024-42117"
},
{
"category": "external",
"summary": "SUSE Bug 1228582 for CVE-2024-42117",
"url": "https://bugzilla.suse.com/1228582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-42117"
},
{
"cve": "CVE-2024-42119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42119",
"url": "https://www.suse.com/security/cve/CVE-2024-42119"
},
{
"category": "external",
"summary": "SUSE Bug 1228584 for CVE-2024-42119",
"url": "https://bugzilla.suse.com/1228584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42119"
},
{
"cve": "CVE-2024-42120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42120",
"url": "https://www.suse.com/security/cve/CVE-2024-42120"
},
{
"category": "external",
"summary": "SUSE Bug 1228588 for CVE-2024-42120",
"url": "https://bugzilla.suse.com/1228588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42120"
},
{
"cve": "CVE-2024-42121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42121",
"url": "https://www.suse.com/security/cve/CVE-2024-42121"
},
{
"category": "external",
"summary": "SUSE Bug 1228590 for CVE-2024-42121",
"url": "https://bugzilla.suse.com/1228590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42121"
},
{
"cve": "CVE-2024-42122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why \u0026 How]\nCheck return pointer of kzalloc before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42122",
"url": "https://www.suse.com/security/cve/CVE-2024-42122"
},
{
"category": "external",
"summary": "SUSE Bug 1228591 for CVE-2024-42122",
"url": "https://bugzilla.suse.com/1228591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42122"
},
{
"cve": "CVE-2024-42124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Make qedf_execute_tmf() non-preemptible\n\nStop calling smp_processor_id() from preemptible code in\nqedf_execute_tmf90. This results in BUG_ON() when running an RT kernel.\n\n[ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646\n[ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42124",
"url": "https://www.suse.com/security/cve/CVE-2024-42124"
},
{
"category": "external",
"summary": "SUSE Bug 1228705 for CVE-2024-42124",
"url": "https://bugzilla.suse.com/1228705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42124"
},
{
"cve": "CVE-2024-42125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42125",
"url": "https://www.suse.com/security/cve/CVE-2024-42125"
},
{
"category": "external",
"summary": "SUSE Bug 1228674 for CVE-2024-42125",
"url": "https://bugzilla.suse.com/1228674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42125"
},
{
"cve": "CVE-2024-42126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don\u0027t see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42126",
"url": "https://www.suse.com/security/cve/CVE-2024-42126"
},
{
"category": "external",
"summary": "SUSE Bug 1228718 for CVE-2024-42126",
"url": "https://bugzilla.suse.com/1228718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42126"
},
{
"cve": "CVE-2024-42127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix shared irq handling on driver remove\n\nlima uses a shared interrupt, so the interrupt handlers must be prepared\nto be called at any time. At driver removal time, the clocks are\ndisabled early and the interrupts stay registered until the very end of\nthe remove process due to the devm usage.\nThis is potentially a bug as the interrupts access device registers\nwhich assumes clocks are enabled. A crash can be triggered by removing\nthe driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.\nThis patch frees the interrupts at each lima device finishing callback\nso that the handlers are already unregistered by the time we fully\ndisable clocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42127",
"url": "https://www.suse.com/security/cve/CVE-2024-42127"
},
{
"category": "external",
"summary": "SUSE Bug 1228721 for CVE-2024-42127",
"url": "https://bugzilla.suse.com/1228721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42127"
},
{
"cve": "CVE-2024-42130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, \u0026(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42130",
"url": "https://www.suse.com/security/cve/CVE-2024-42130"
},
{
"category": "external",
"summary": "SUSE Bug 1228687 for CVE-2024-42130",
"url": "https://bugzilla.suse.com/1228687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42130"
},
{
"cve": "CVE-2024-42131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid overflows in dirty throttling logic\n\nThe dirty throttling logic is interspersed with assumptions that dirty\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\nfit into 64-bits). If limits end up being larger, we will hit overflows,\npossible divisions by 0 etc. Fix these problems by never allowing so\nlarge dirty limits as they have dubious practical value anyway. For\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\nso large limits. For dirty_ratio / dirty_background_ratio it isn\u0027t so\nsimple as the dirty limit is computed from the amount of available memory\nwhich can change due to memory hotplug etc. So when converting dirty\nlimits from ratios to numbers of pages, we just don\u0027t allow the result to\nexceed UINT_MAX.\n\nThis is root-only triggerable problem which occurs when the operator\nsets dirty limits to \u003e16 TB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42131",
"url": "https://www.suse.com/security/cve/CVE-2024-42131"
},
{
"category": "external",
"summary": "SUSE Bug 1228650 for CVE-2024-42131",
"url": "https://bugzilla.suse.com/1228650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42131"
},
{
"cve": "CVE-2024-42132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX\n\nSyzbot hit warning in hci_conn_del() caused by freeing handle that was\nnot allocated using ida allocator.\n\nThis is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by\nhci_le_big_sync_established_evt(), which makes code think it\u0027s unset\nconnection.\n\nAdd same check for handle upper bound as in hci_conn_set_handle() to\nprevent warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42132",
"url": "https://www.suse.com/security/cve/CVE-2024-42132"
},
{
"category": "external",
"summary": "SUSE Bug 1228492 for CVE-2024-42132",
"url": "https://bugzilla.suse.com/1228492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42132"
},
{
"cve": "CVE-2024-42133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42133",
"url": "https://www.suse.com/security/cve/CVE-2024-42133"
},
{
"category": "external",
"summary": "SUSE Bug 1228511 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1228511"
},
{
"category": "external",
"summary": "SUSE Bug 1231419 for CVE-2024-42133",
"url": "https://bugzilla.suse.com/1231419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-42133"
},
{
"cve": "CVE-2024-42136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdrom: rearrange last_media_change check to avoid unintentional overflow\n\nWhen running syzkaller with the newly reintroduced signed integer wrap\nsanitizer we encounter this splat:\n\n[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33\n[ 366.021089] -9223372036854775808 - 346321 cannot be represented in type \u0027__s64\u0027 (aka \u0027long long\u0027)\n[ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO\n[ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 366.027518] Call Trace:\n[ 366.027523] \u003cTASK\u003e\n[ 366.027533] dump_stack_lvl+0x93/0xd0\n[ 366.027899] handle_overflow+0x171/0x1b0\n[ 366.038787] ata1.00: invalid multi_count 32 ignored\n[ 366.043924] cdrom_ioctl+0x2c3f/0x2d10\n[ 366.063932] ? __pm_runtime_resume+0xe6/0x130\n[ 366.071923] sr_block_ioctl+0x15d/0x1d0\n[ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10\n[ 366.077642] blkdev_ioctl+0x419/0x500\n[ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10\n...\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang. It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rearrange the check to not perform any arithmetic, thus not\ntripping the sanitizer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42136",
"url": "https://www.suse.com/security/cve/CVE-2024-42136"
},
{
"category": "external",
"summary": "SUSE Bug 1228758 for CVE-2024-42136",
"url": "https://bugzilla.suse.com/1228758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "low"
}
],
"title": "CVE-2024-42136"
},
{
"cve": "CVE-2024-42137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42137",
"url": "https://www.suse.com/security/cve/CVE-2024-42137"
},
{
"category": "external",
"summary": "SUSE Bug 1228563 for CVE-2024-42137",
"url": "https://bugzilla.suse.com/1228563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42137"
},
{
"cve": "CVE-2024-42138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file\n\nIn case of invalid INI file mlxsw_linecard_types_init() deallocates memory\nbut doesn\u0027t reset pointer to NULL and returns 0. In case of any error\noccurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init()\ncalls mlxsw_linecard_types_fini() which performs memory deallocation again.\n\nAdd pointer reset to NULL.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42138",
"url": "https://www.suse.com/security/cve/CVE-2024-42138"
},
{
"category": "external",
"summary": "SUSE Bug 1228500 for CVE-2024-42138",
"url": "https://bugzilla.suse.com/1228500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42138"
},
{
"cve": "CVE-2024-42139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42139",
"url": "https://www.suse.com/security/cve/CVE-2024-42139"
},
{
"category": "external",
"summary": "SUSE Bug 1228503 for CVE-2024-42139",
"url": "https://bugzilla.suse.com/1228503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42139"
},
{
"cve": "CVE-2024-42141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed \u0027pi-\u003econn-\u003ehcon\u0027 could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348 size_t len, int flags)\n1349 {\n1350 struct sock *sk = sock-\u003esk;\n1351 struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353 BT_DBG(\"sk %p\", sk);\n1354\n1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n \u0026bt_sk(sk)-\u003eflags)) {\n1356 lock_sock(sk);\n1357 switch (sk-\u003esk_state) {\n1358 case BT_CONNECT2:\n1359 if (pi-\u003econn-\u003ehcon \u0026\u0026\n ^^^^^^^^^^^^^^ If -\u003ehcon is NULL\n\n1360 test_bit(HCI_CONN_PA_SYNC,\n \u0026pi-\u003econn-\u003ehcon-\u003eflags)) {\n1361 iso_conn_big_sync(sk);\n1362 sk-\u003esk_state = BT_LISTEN;\n1363 } else {\n--\u003e 1364 iso_conn_defer_accept(pi-\u003econn-\u003ehcon);\n ^^^^^^^^^^^^^^\n then we\u0027re toast\n\n1365 sk-\u003esk_state = BT_CONFIG;\n1366 }\n1367 release_sock(sk);\n1368 return 0;\n1369 case BT_CONNECTED:\n1370 if (test_bit(BT_SK_PA_SYNC,",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42141",
"url": "https://www.suse.com/security/cve/CVE-2024-42141"
},
{
"category": "external",
"summary": "SUSE Bug 1228502 for CVE-2024-42141",
"url": "https://bugzilla.suse.com/1228502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42141"
},
{
"cve": "CVE-2024-42142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42142",
"url": "https://www.suse.com/security/cve/CVE-2024-42142"
},
{
"category": "external",
"summary": "SUSE Bug 1228491 for CVE-2024-42142",
"url": "https://bugzilla.suse.com/1228491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42142"
},
{
"cve": "CVE-2024-42143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42143"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42143",
"url": "https://www.suse.com/security/cve/CVE-2024-42143"
},
{
"category": "external",
"summary": "SUSE Bug 1228748 for CVE-2024-42143",
"url": "https://bugzilla.suse.com/1228748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42143"
},
{
"cve": "CVE-2024-42144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42144"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42144",
"url": "https://www.suse.com/security/cve/CVE-2024-42144"
},
{
"category": "external",
"summary": "SUSE Bug 1228666 for CVE-2024-42144",
"url": "https://bugzilla.suse.com/1228666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42144"
},
{
"cve": "CVE-2024-42145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42145",
"url": "https://www.suse.com/security/cve/CVE-2024-42145"
},
{
"category": "external",
"summary": "SUSE Bug 1223384 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1223384"
},
{
"category": "external",
"summary": "SUSE Bug 1228743 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228743"
},
{
"category": "external",
"summary": "SUSE Bug 1228744 for CVE-2024-42145",
"url": "https://bugzilla.suse.com/1228744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-42147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42147",
"url": "https://www.suse.com/security/cve/CVE-2024-42147"
},
{
"category": "external",
"summary": "SUSE Bug 1228764 for CVE-2024-42147",
"url": "https://bugzilla.suse.com/1228764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42147"
},
{
"cve": "CVE-2024-42148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n * control by the number of fast-path status blocks supported by the\n * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n * status block represents an independent interrupts context that can\n * serve a regular L2 networking queue. However special L2 queues such\n * as the FCoE queue do not require a FP-SB and other components like\n * the CNIC may consume FP-SB reducing the number of possible L2 queues\n *\n * If the maximum number of FP-SB available is X then:\n * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n * regular L2 queues is Y=X-1\n * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n * c. If the FCoE L2 queue is supported the actual number of L2 queues\n * is Y+1\n * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n * slow-path interrupts) or Y+2 if CNIC is supported (one additional\n * FP interrupt context for the CNIC).\n * e. The number of HW context (CID count) is always X or X+1 if FCoE\n * L2 queue is supported. The cid for the FCoE L2 queue is always X.\n */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42148",
"url": "https://www.suse.com/security/cve/CVE-2024-42148"
},
{
"category": "external",
"summary": "SUSE Bug 1228487 for CVE-2024-42148",
"url": "https://bugzilla.suse.com/1228487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42148"
},
{
"cve": "CVE-2024-42152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq-\u003ectrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl-\u003esqs and sq-\u003ectrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq-\u003eref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq-\u003ectrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq-\u003ectrl after all inflight request has\ncompleted, where for sure sq-\u003ectrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42152",
"url": "https://www.suse.com/security/cve/CVE-2024-42152"
},
{
"category": "external",
"summary": "SUSE Bug 1228724 for CVE-2024-42152",
"url": "https://bugzilla.suse.com/1228724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42152"
},
{
"cve": "CVE-2024-42153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr\n\nWhen del_timer_sync() is called in an interrupt context it throws a warning\nbecause of potential deadlock. The timer is used only to exit from\nwait_for_completion() after a timeout so replacing the call with\nwait_for_completion_timeout() allows to remove the problematic timer and\nits related functions altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42153",
"url": "https://www.suse.com/security/cve/CVE-2024-42153"
},
{
"category": "external",
"summary": "SUSE Bug 1228510 for CVE-2024-42153",
"url": "https://bugzilla.suse.com/1228510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42153"
},
{
"cve": "CVE-2024-42155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42155",
"url": "https://www.suse.com/security/cve/CVE-2024-42155"
},
{
"category": "external",
"summary": "SUSE Bug 1228733 for CVE-2024-42155",
"url": "https://bugzilla.suse.com/1228733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42155"
},
{
"cve": "CVE-2024-42156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42156",
"url": "https://www.suse.com/security/cve/CVE-2024-42156"
},
{
"category": "external",
"summary": "SUSE Bug 1228722 for CVE-2024-42156",
"url": "https://bugzilla.suse.com/1228722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42156"
},
{
"cve": "CVE-2024-42157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42157",
"url": "https://www.suse.com/security/cve/CVE-2024-42157"
},
{
"category": "external",
"summary": "SUSE Bug 1228727 for CVE-2024-42157",
"url": "https://bugzilla.suse.com/1228727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42157"
},
{
"cve": "CVE-2024-42158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42158",
"url": "https://www.suse.com/security/cve/CVE-2024-42158"
},
{
"category": "external",
"summary": "SUSE Bug 1228720 for CVE-2024-42158",
"url": "https://bugzilla.suse.com/1228720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42158"
},
{
"cve": "CVE-2024-42159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port-\u003ephy_mask, values larger then size of\nthis field shouldn\u0027t be allowed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42159",
"url": "https://www.suse.com/security/cve/CVE-2024-42159"
},
{
"category": "external",
"summary": "SUSE Bug 1228754 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228754"
},
{
"category": "external",
"summary": "SUSE Bug 1228755 for CVE-2024-42159",
"url": "https://bugzilla.suse.com/1228755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-42159"
},
{
"cve": "CVE-2024-42161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val\u0027.]\n\nGCC warns that `val\u0027 may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val\u0027 to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42161",
"url": "https://www.suse.com/security/cve/CVE-2024-42161"
},
{
"category": "external",
"summary": "SUSE Bug 1228756 for CVE-2024-42161",
"url": "https://bugzilla.suse.com/1228756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42161"
},
{
"cve": "CVE-2024-42162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv-\u003estats_report-\u003estats array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42162",
"url": "https://www.suse.com/security/cve/CVE-2024-42162"
},
{
"category": "external",
"summary": "SUSE Bug 1228706 for CVE-2024-42162",
"url": "https://bugzilla.suse.com/1228706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42162"
},
{
"cve": "CVE-2024-42223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42223",
"url": "https://www.suse.com/security/cve/CVE-2024-42223"
},
{
"category": "external",
"summary": "SUSE Bug 1228726 for CVE-2024-42223",
"url": "https://bugzilla.suse.com/1228726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42223"
},
{
"cve": "CVE-2024-42224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip-\u003emdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42224",
"url": "https://www.suse.com/security/cve/CVE-2024-42224"
},
{
"category": "external",
"summary": "SUSE Bug 1228723 for CVE-2024-42224",
"url": "https://bugzilla.suse.com/1228723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42224"
},
{
"cve": "CVE-2024-42225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42225",
"url": "https://www.suse.com/security/cve/CVE-2024-42225"
},
{
"category": "external",
"summary": "SUSE Bug 1228710 for CVE-2024-42225",
"url": "https://bugzilla.suse.com/1228710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42225"
},
{
"cve": "CVE-2024-42226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42226"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42226",
"url": "https://www.suse.com/security/cve/CVE-2024-42226"
},
{
"category": "external",
"summary": "SUSE Bug 1228709 for CVE-2024-42226",
"url": "https://bugzilla.suse.com/1228709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42226"
},
{
"cve": "CVE-2024-42227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix overlapping copy within dml_core_mode_programming\n\n[WHY]\n\u0026mode_lib-\u003emp.Watermark and \u0026locals-\u003eWatermark are\nthe same address. memcpy may lead to unexpected behavior.\n\n[HOW]\nmemmove should be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42227",
"url": "https://www.suse.com/security/cve/CVE-2024-42227"
},
{
"category": "external",
"summary": "SUSE Bug 1228707 for CVE-2024-42227",
"url": "https://bugzilla.suse.com/1228707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42227"
},
{
"cve": "CVE-2024-42228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42228",
"url": "https://www.suse.com/security/cve/CVE-2024-42228"
},
{
"category": "external",
"summary": "SUSE Bug 1228667 for CVE-2024-42228",
"url": "https://bugzilla.suse.com/1228667"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42228"
},
{
"cve": "CVE-2024-42229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42229",
"url": "https://www.suse.com/security/cve/CVE-2024-42229"
},
{
"category": "external",
"summary": "SUSE Bug 1228708 for CVE-2024-42229",
"url": "https://bugzilla.suse.com/1228708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42229"
},
{
"cve": "CVE-2024-42230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn\u0027t easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42230",
"url": "https://www.suse.com/security/cve/CVE-2024-42230"
},
{
"category": "external",
"summary": "SUSE Bug 1228489 for CVE-2024-42230",
"url": "https://bugzilla.suse.com/1228489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42230"
},
{
"cve": "CVE-2024-42232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix race between delayed_work() and ceph_monc_stop()\n\nThe way the delayed work is handled in ceph_monc_stop() is prone to\nraces with mon_fault() and possibly also finish_hunting(). Both of\nthese can requeue the delayed work which wouldn\u0027t be canceled by any of\nthe following code in case that happens after cancel_delayed_work_sync()\nruns -- __close_session() doesn\u0027t mess with the delayed work in order\nto avoid interfering with the hunting interval logic. This part was\nmissed in commit b5d91704f53e (\"libceph: behave in mon_fault() if\ncur_mon \u003c 0\") and use-after-free can still ensue on monc and objects\nthat hang off of it, with monc-\u003eauth and monc-\u003emonmap being\nparticularly susceptible to quickly being reused.\n\nTo fix this:\n\n- clear monc-\u003ecur_mon and monc-\u003ehunting as part of closing the session\n in ceph_monc_stop()\n- bail from delayed_work() if monc-\u003ecur_mon is cleared, similar to how\n it\u0027s done in mon_fault() and finish_hunting() (based on monc-\u003ehunting)\n- call cancel_delayed_work_sync() after the session is closed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42232",
"url": "https://www.suse.com/security/cve/CVE-2024-42232"
},
{
"category": "external",
"summary": "SUSE Bug 1228959 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1228959"
},
{
"category": "external",
"summary": "SUSE Bug 1229458 for CVE-2024-42232",
"url": "https://bugzilla.suse.com/1229458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-42232"
},
{
"cve": "CVE-2024-42236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string \u0027s\u0027 could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == \u0027\\n\u0027) followed closely by an OOB write in the form\n`str[0 - 1] = \u0027\\0\u0027`.\n\nThere is already a validating check to catch strings that are too long.\nLet\u0027s supply an additional check for invalid strings that are too short.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42236",
"url": "https://www.suse.com/security/cve/CVE-2024-42236"
},
{
"category": "external",
"summary": "SUSE Bug 1228964 for CVE-2024-42236",
"url": "https://bugzilla.suse.com/1228964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42236"
},
{
"cve": "CVE-2024-42237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42237",
"url": "https://www.suse.com/security/cve/CVE-2024-42237"
},
{
"category": "external",
"summary": "SUSE Bug 1228992 for CVE-2024-42237",
"url": "https://bugzilla.suse.com/1228992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42237"
},
{
"cve": "CVE-2024-42238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn\u0027t\nabort the file processing with an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42238",
"url": "https://www.suse.com/security/cve/CVE-2024-42238"
},
{
"category": "external",
"summary": "SUSE Bug 1228991 for CVE-2024-42238",
"url": "https://bugzilla.suse.com/1228991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42238"
},
{
"cve": "CVE-2024-42239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named \u0027cancelling\u0027 in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool \u0027cancelling\u0027 bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42239",
"url": "https://www.suse.com/security/cve/CVE-2024-42239"
},
{
"category": "external",
"summary": "SUSE Bug 1228979 for CVE-2024-42239",
"url": "https://bugzilla.suse.com/1228979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42239"
},
{
"cve": "CVE-2024-42240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n \u003c#DB\u003e\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \u003c/#DB\u003e\n \u003cTASK\u003e\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \u003c/TASK\u003e\n\n [ bp: Massage commit message. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42240",
"url": "https://www.suse.com/security/cve/CVE-2024-42240"
},
{
"category": "external",
"summary": "SUSE Bug 1228966 for CVE-2024-42240",
"url": "https://bugzilla.suse.com/1228966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42240"
},
{
"cve": "CVE-2024-42241",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42241"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/shmem: disable PMD-sized page cache if needed\n\nFor shmem files, it\u0027s possible that PMD-sized page cache can\u0027t be\nsupported by xarray. For example, 512MB page cache on ARM64 when the base\npage size is 64KB can\u0027t be supported by xarray. It leads to errors as the\nfollowing messages indicate when this sort of xarray entry is split.\n\nWARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \\\nnft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \\\nnft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \\\nlibcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \\\nnet_failover virtio_console virtio_blk failover dimlib virtio_mmio\nCPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff8000882af5f0\nx29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768\nx26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c\nx8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0\nx5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n shmem_undo_range+0x2bc/0x6a8\n shmem_fallocate+0x134/0x430\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger\nthan MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a\nshmem file isn\u0027t represented by a multi-index entry and doesn\u0027t have this\nlimitation when the xarry entry is split until commit 6b24ca4a1a8d (\"mm:\nUse multi-index entries in the page cache\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42241",
"url": "https://www.suse.com/security/cve/CVE-2024-42241"
},
{
"category": "external",
"summary": "SUSE Bug 1228986 for CVE-2024-42241",
"url": "https://bugzilla.suse.com/1228986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42241"
},
{
"cve": "CVE-2024-42244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42244",
"url": "https://www.suse.com/security/cve/CVE-2024-42244"
},
{
"category": "external",
"summary": "SUSE Bug 1228967 for CVE-2024-42244",
"url": "https://bugzilla.suse.com/1228967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42244"
},
{
"cve": "CVE-2024-42245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"sched/fair: Make sure to try to detach at least one movable task\"\n\nThis reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.\n\nb0defa7ae03ec changed the load balancing logic to ignore env.max_loop if\nall tasks examined to that point were pinned. The goal of the patch was\nto make it more likely to be able to detach a task buried in a long list\nof pinned tasks. However, this has the unfortunate side effect of\ncreating an O(n) iteration in detach_tasks(), as we now must fully\niterate every task on a cpu if all or most are pinned. Since this load\nbalance code is done with rq lock held, and often in softirq context, it\nis very easy to trigger hard lockups. We observed such hard lockups with\na user who affined O(10k) threads to a single cpu.\n\nWhen I discussed this with Vincent he initially suggested that we keep\nthe limit on the number of tasks to detach, but increase the number of\ntasks we can search. However, after some back and forth on the mailing\nlist, he recommended we instead revert the original patch, as it seems\nlikely no one was actually getting hit by the original issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42245",
"url": "https://www.suse.com/security/cve/CVE-2024-42245"
},
{
"category": "external",
"summary": "SUSE Bug 1228978 for CVE-2024-42245",
"url": "https://bugzilla.suse.com/1228978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42245"
},
{
"cve": "CVE-2024-42246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket\n\nWhen using a BPF program on kernel_connect(), the call can return -EPERM. This\ncauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causing\nthe kernel to potentially freeze up.\n\nNeil suggested:\n\n This will propagate -EPERM up into other layers which might not be ready\n to handle it. It might be safer to map EPERM to an error we would be more\n likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.\n\nECONNREFUSED as error seems reasonable. For programs setting a different error\ncan be out of reach (see handling in 4fbac77d2d09) in particular on kernels\nwhich do not have f10d05966196 (\"bpf: Make BPF_PROG_RUN_ARRAY return -err\ninstead of allow boolean\"), thus given that it is better to simply remap for\nconsistent behavior. UDP does handle EPERM in xs_udp_send_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42246",
"url": "https://www.suse.com/security/cve/CVE-2024-42246"
},
{
"category": "external",
"summary": "SUSE Bug 1228989 for CVE-2024-42246",
"url": "https://bugzilla.suse.com/1228989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42246"
},
{
"cve": "CVE-2024-42247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: allowedips: avoid unaligned 64-bit memory accesses\n\nOn the parisc platform, the kernel issues kernel warnings because\nswap_endian() tries to load a 128-bit IPv6 address from an unaligned\nmemory location:\n\n Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)\n Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)\n\nAvoid such unaligned memory accesses by instead using the\nget_unaligned_be64() helper macro.\n\n[Jason: replace src[8] in original patch with src+8]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42247",
"url": "https://www.suse.com/security/cve/CVE-2024-42247"
},
{
"category": "external",
"summary": "SUSE Bug 1228988 for CVE-2024-42247",
"url": "https://bugzilla.suse.com/1228988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42247"
},
{
"cve": "CVE-2024-42250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add missing lock protection when polling\n\nAdd missing lock protection in poll routine when iterating xarray,\notherwise:\n\nEven with RCU read lock held, only the slot of the radix tree is\nensured to be pinned there, while the data structure (e.g. struct\ncachefiles_req) stored in the slot has no such guarantee. The poll\nroutine will iterate the radix tree and dereference cachefiles_req\naccordingly. Thus RCU read lock is not adequate in this case and\nspinlock is needed here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42250",
"url": "https://www.suse.com/security/cve/CVE-2024-42250"
},
{
"category": "external",
"summary": "SUSE Bug 1228977 for CVE-2024-42250",
"url": "https://bugzilla.suse.com/1228977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42250"
},
{
"cve": "CVE-2024-42253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock\u0027 is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n 0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n 0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42253",
"url": "https://www.suse.com/security/cve/CVE-2024-42253"
},
{
"category": "external",
"summary": "SUSE Bug 1229005 for CVE-2024-42253",
"url": "https://bugzilla.suse.com/1229005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42253"
},
{
"cve": "CVE-2024-42259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\n\nCalculating the size of the mapped area as the lesser value\nbetween the requested size and the actual size does not consider\nthe partial mapping offset. This can cause page fault access.\n\nFix the calculation of the starting and ending addresses, the\ntotal size is now deduced from the difference between the end and\nstart addresses.\n\nAdditionally, the calculations have been rewritten in a clearer\nand more understandable form.\n\n[Joonas: Add Requires: tag]\nRequires: 60a2066c5005 (\"drm/i915/gem: Adjust vma offset for framebuffer mmap offset\")\n(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42259",
"url": "https://www.suse.com/security/cve/CVE-2024-42259"
},
{
"category": "external",
"summary": "SUSE Bug 1229156 for CVE-2024-42259",
"url": "https://bugzilla.suse.com/1229156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42259"
},
{
"cve": "CVE-2024-42268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix missing lock on sync reset reload\n\nOn sync reset reload work, when remote host updates devlink on reload\nactions performed on that host, it misses taking devlink lock before\ncalling devlink_remote_reload_actions_performed() which results in\ntriggering lock assert like the following:\n\nWARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50\n...\n CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116\n Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015\n Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core]\n RIP: 0010:devl_assert_locked+0x3e/0x50\n...\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa4/0x210\n ? devl_assert_locked+0x3e/0x50\n ? report_bug+0x160/0x280\n ? handle_bug+0x3f/0x80\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? devl_assert_locked+0x3e/0x50\n devlink_notify+0x88/0x2b0\n ? mlx5_attach_device+0x20c/0x230 [mlx5_core]\n ? __pfx_devlink_notify+0x10/0x10\n ? process_one_work+0x4b6/0xbb0\n process_one_work+0x4b6/0xbb0\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42268",
"url": "https://www.suse.com/security/cve/CVE-2024-42268"
},
{
"category": "external",
"summary": "SUSE Bug 1229391 for CVE-2024-42268",
"url": "https://bugzilla.suse.com/1229391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42268"
},
{
"cve": "CVE-2024-42269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().\n\nip6table_nat_table_init() accesses net-\u003egen-\u003eptr[ip6table_nat_net_ops.id],\nbut the function is exposed to user space before the entry is allocated\nvia register_pernet_subsys().\n\nLet\u0027s call register_pernet_subsys() before xt_register_template().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42269",
"url": "https://www.suse.com/security/cve/CVE-2024-42269"
},
{
"category": "external",
"summary": "SUSE Bug 1229402 for CVE-2024-42269",
"url": "https://bugzilla.suse.com/1229402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42269"
},
{
"cve": "CVE-2024-42270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().\n\nWe had a report that iptables-restore sometimes triggered null-ptr-deref\nat boot time. [0]\n\nThe problem is that iptable_nat_table_init() is exposed to user space\nbefore the kernel fully initialises netns.\n\nIn the small race window, a user could call iptable_nat_table_init()\nthat accesses net_generic(net, iptable_nat_net_id), which is available\nonly after registering iptable_nat_net_ops.\n\nLet\u0027s call register_pernet_subsys() before xt_register_template().\n\n[0]:\nbpfilter: Loaded bpfilter_umh pid 11702\nStarted bpfilter\nBUG: kernel NULL pointer dereference, address: 0000000000000013\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP NOPTI\nCPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1\nHardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\nCode: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 \u003c48\u003e 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c\nRSP: 0018:ffffbef902843cd0 EFLAGS: 00010246\nRAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80\nRDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0\nRBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240\nR10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000\nR13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004\nFS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? xt_find_table_lock (net/netfilter/x_tables.c:1259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? page_fault_oops (arch/x86/mm/fault.c:727)\n ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)\n ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570)\n ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat\n xt_find_table_lock (net/netfilter/x_tables.c:1259)\n xt_request_find_table_lock (net/netfilter/x_tables.c:1287)\n get_info (net/ipv4/netfilter/ip_tables.c:965)\n ? security_capable (security/security.c:809 (discriminator 13))\n ? ns_capable (kernel/capability.c:376 kernel/capability.c:397)\n ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656)\n ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter\n nf_getsockopt (net/netfilter/nf_sockopt.c:116)\n ip_getsockopt (net/ipv4/ip_sockglue.c:1827)\n __sys_getsockopt (net/socket.c:2327)\n __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)\nRIP: 0033:0x7f62844685ee\nCode: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09\nRSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037\nRAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee\nRDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004\nRBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0\nR10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2\nR13: 00007f6284\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42270",
"url": "https://www.suse.com/security/cve/CVE-2024-42270"
},
{
"category": "external",
"summary": "SUSE Bug 1229404 for CVE-2024-42270",
"url": "https://bugzilla.suse.com/1229404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42270"
},
{
"cve": "CVE-2024-42271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: fix use after free in iucv_sock_close()\n\niucv_sever_path() is called from process context and from bh context.\niucv-\u003epath is used as indicator whether somebody else is taking care of\nsevering the path (or it is already removed / never existed).\nThis needs to be done with atomic compare and swap, otherwise there is a\nsmall window where iucv_sock_close() will try to work with a path that has\nalready been severed and freed by iucv_callback_connrej() called by\niucv_tasklet_fn().\n\nExample:\n[452744.123844] Call Trace:\n[452744.123845] ([\u003c0000001e87f03880\u003e] 0x1e87f03880)\n[452744.123966] [\u003c00000000d593001e\u003e] iucv_path_sever+0x96/0x138\n[452744.124330] [\u003c000003ff801ddbca\u003e] iucv_sever_path+0xc2/0xd0 [af_iucv]\n[452744.124336] [\u003c000003ff801e01b6\u003e] iucv_sock_close+0xa6/0x310 [af_iucv]\n[452744.124341] [\u003c000003ff801e08cc\u003e] iucv_sock_release+0x3c/0xd0 [af_iucv]\n[452744.124345] [\u003c00000000d574794e\u003e] __sock_release+0x5e/0xe8\n[452744.124815] [\u003c00000000d5747a0c\u003e] sock_close+0x34/0x48\n[452744.124820] [\u003c00000000d5421642\u003e] __fput+0xba/0x268\n[452744.124826] [\u003c00000000d51b382c\u003e] task_work_run+0xbc/0xf0\n[452744.124832] [\u003c00000000d5145710\u003e] do_notify_resume+0x88/0x90\n[452744.124841] [\u003c00000000d5978096\u003e] system_call+0xe2/0x2c8\n[452744.125319] Last Breaking-Event-Address:\n[452744.125321] [\u003c00000000d5930018\u003e] iucv_path_sever+0x90/0x138\n[452744.125324]\n[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt\n\nNote that bh_lock_sock() is not serializing the tasklet context against\nprocess context, because the check for sock_owned_by_user() and\ncorresponding handling is missing.\n\nIdeas for a future clean-up patch:\nA) Correct usage of bh_lock_sock() in tasklet context, as described in\nRe-enqueue, if needed. This may require adding return values to the\ntasklet functions and thus changes to all users of iucv.\n\nB) Change iucv tasklet into worker and use only lock_sock() in af_iucv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42271",
"url": "https://www.suse.com/security/cve/CVE-2024-42271"
},
{
"category": "external",
"summary": "SUSE Bug 1229400 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229400"
},
{
"category": "external",
"summary": "SUSE Bug 1229401 for CVE-2024-42271",
"url": "https://bugzilla.suse.com/1229401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-42271"
},
{
"cve": "CVE-2024-42274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n \u003c/NMI\u003e\n \u003cTASK\u003e\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42274",
"url": "https://www.suse.com/security/cve/CVE-2024-42274"
},
{
"category": "external",
"summary": "SUSE Bug 1229417 for CVE-2024-42274",
"url": "https://bugzilla.suse.com/1229417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42274"
},
{
"cve": "CVE-2024-42276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42276"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: add missing condition check for existence of mapped data\n\nnvme_map_data() is called when request has physical segments, hence\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42276",
"url": "https://www.suse.com/security/cve/CVE-2024-42276"
},
{
"category": "external",
"summary": "SUSE Bug 1229410 for CVE-2024-42276",
"url": "https://bugzilla.suse.com/1229410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42276"
},
{
"cve": "CVE-2024-42277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom-\u003esdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42277",
"url": "https://www.suse.com/security/cve/CVE-2024-42277"
},
{
"category": "external",
"summary": "SUSE Bug 1229409 for CVE-2024-42277",
"url": "https://bugzilla.suse.com/1229409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42277"
},
{
"cve": "CVE-2024-42278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it\u0027s either a no-op or it\nleads to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42278",
"url": "https://www.suse.com/security/cve/CVE-2024-42278"
},
{
"category": "external",
"summary": "SUSE Bug 1229403 for CVE-2024-42278",
"url": "https://bugzilla.suse.com/1229403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42278"
},
{
"cve": "CVE-2024-42279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer\n\nWhile transmitting with rx_len == 0, the RX FIFO is not going to be\nemptied in the interrupt handler. A subsequent transfer could then\nread crap from the previous transfer out of the RX FIFO into the\nstart RX buffer. The core provides a register that will empty the RX and\nTX FIFOs, so do that before each transfer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42279",
"url": "https://www.suse.com/security/cve/CVE-2024-42279"
},
{
"category": "external",
"summary": "SUSE Bug 1229390 for CVE-2024-42279",
"url": "https://bugzilla.suse.com/1229390"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42279"
},
{
"cve": "CVE-2024-42280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix a use after free in hfcmulti_tx()\n\nDon\u0027t dereference *sp after calling dev_kfree_skb(*sp).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42280",
"url": "https://www.suse.com/security/cve/CVE-2024-42280"
},
{
"category": "external",
"summary": "SUSE Bug 1229388 for CVE-2024-42280",
"url": "https://bugzilla.suse.com/1229388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42280"
},
{
"cve": "CVE-2024-42281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a segment issue when downgrading gso_size\n\nLinearize the skb when downgrading gso_size because it may trigger a\nBUG_ON() later when the skb is segmented as described in [1,2].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42281",
"url": "https://www.suse.com/security/cve/CVE-2024-42281"
},
{
"category": "external",
"summary": "SUSE Bug 1229386 for CVE-2024-42281",
"url": "https://bugzilla.suse.com/1229386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42281"
},
{
"cve": "CVE-2024-42283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42283",
"url": "https://www.suse.com/security/cve/CVE-2024-42283"
},
{
"category": "external",
"summary": "SUSE Bug 1229383 for CVE-2024-42283",
"url": "https://bugzilla.suse.com/1229383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42283"
},
{
"cve": "CVE-2024-42284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42284",
"url": "https://www.suse.com/security/cve/CVE-2024-42284"
},
{
"category": "external",
"summary": "SUSE Bug 1229382 for CVE-2024-42284",
"url": "https://bugzilla.suse.com/1229382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42284"
},
{
"cve": "CVE-2024-42285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix a use-after-free related to destroying CM IDs\n\niw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with\nan existing struct iw_cm_id (cm_id) as follows:\n\n conn_id-\u003ecm_id.iw = cm_id;\n cm_id-\u003econtext = conn_id;\n cm_id-\u003ecm_handler = cma_iw_handler;\n\nrdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make\nsure that cm_work_handler() does not trigger a use-after-free by only\nfreeing of the struct rdma_id_private after all pending work has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42285",
"url": "https://www.suse.com/security/cve/CVE-2024-42285"
},
{
"category": "external",
"summary": "SUSE Bug 1229381 for CVE-2024-42285",
"url": "https://bugzilla.suse.com/1229381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42285"
},
{
"cve": "CVE-2024-42286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: validate nvme_local_port correctly\n\nThe driver load failed with error message,\n\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\n\nand with a kernel crash,\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\n\tWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\n\tRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\n\tRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\n\tRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\n\tRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\n\tRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\n\tR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\n\tR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\n\tFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\n\tCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\n\tCall Trace:\n\tqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n\t? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\n\tqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\n\tqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\n\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42286",
"url": "https://www.suse.com/security/cve/CVE-2024-42286"
},
{
"category": "external",
"summary": "SUSE Bug 1229395 for CVE-2024-42286",
"url": "https://bugzilla.suse.com/1229395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42286"
},
{
"cve": "CVE-2024-42287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Complete command early within lock\n\nA crash was observed while performing NPIV and FW reset,\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 1 PREEMPT_RT SMP NOPTI\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0\n RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034\n R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000\n FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x16f/0x4a0\n ? do_user_addr_fault+0x174/0x7f0\n ? exc_page_fault+0x69/0x1a0\n ? asm_exc_page_fault+0x22/0x30\n ? dma_direct_unmap_sg+0x51/0x1e0\n ? preempt_count_sub+0x96/0xe0\n qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]\n qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]\n __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]\n\nThe command completion was done early while aborting the commands in driver\nunload path but outside lock to avoid the WARN_ON condition of performing\ndma_free_attr within the lock. However this caused race condition while\ncommand completion via multiple paths causing system crash.\n\nHence complete the command early in unload path but within the lock to\navoid race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42287",
"url": "https://www.suse.com/security/cve/CVE-2024-42287"
},
{
"category": "external",
"summary": "SUSE Bug 1229392 for CVE-2024-42287",
"url": "https://bugzilla.suse.com/1229392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42287"
},
{
"cve": "CVE-2024-42288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42288",
"url": "https://www.suse.com/security/cve/CVE-2024-42288"
},
{
"category": "external",
"summary": "SUSE Bug 1229398 for CVE-2024-42288",
"url": "https://bugzilla.suse.com/1229398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42288"
},
{
"cve": "CVE-2024-42289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: During vport delete send async logout explicitly\n\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\n\n BUG: kernel NULL pointer dereference, address: 000000000000001c\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n Workqueue: qla2xxx_wq qla_do_work [qla2xxx]\n RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\n RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\n RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\n RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\n R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\n R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n qla2xxx_qpair_sp_free_dma+0x417/0x4e0\n ? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n ? qla2x00_status_entry+0x768/0x2830\n ? newidle_balance+0x2f0/0x430\n ? dequeue_entity+0x100/0x3c0\n ? qla24xx_process_response_queue+0x6a1/0x19e0\n ? __schedule+0x2d5/0x1140\n ? qla_do_work+0x47/0x60\n ? process_one_work+0x267/0x440\n ? process_one_work+0x440/0x440\n ? worker_thread+0x2d/0x3d0\n ? process_one_work+0x440/0x440\n ? kthread+0x156/0x180\n ? set_kthread_struct+0x50/0x50\n ? ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nSend out async logout explicitly for all the ports during vport delete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42289",
"url": "https://www.suse.com/security/cve/CVE-2024-42289"
},
{
"category": "external",
"summary": "SUSE Bug 1229399 for CVE-2024-42289",
"url": "https://bugzilla.suse.com/1229399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42289"
},
{
"cve": "CVE-2024-42290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/imx-irqsteer: Handle runtime power management correctly\n\nThe power domain is automatically activated from clk_prepare(). However, on\ncertain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes\nsleeping functions, which triggers the \u0027scheduling while atomic\u0027 bug in the\ncontext switch path during device probing:\n\n BUG: scheduling while atomic: kworker/u13:1/48/0x00000002\n Call trace:\n __schedule_bug+0x54/0x6c\n __schedule+0x7f0/0xa94\n schedule+0x5c/0xc4\n schedule_preempt_disabled+0x24/0x40\n __mutex_lock.constprop.0+0x2c0/0x540\n __mutex_lock_slowpath+0x14/0x20\n mutex_lock+0x48/0x54\n clk_prepare_lock+0x44/0xa0\n clk_prepare+0x20/0x44\n imx_irqsteer_resume+0x28/0xe0\n pm_generic_runtime_resume+0x2c/0x44\n __genpd_runtime_resume+0x30/0x80\n genpd_runtime_resume+0xc8/0x2c0\n __rpm_callback+0x48/0x1d8\n rpm_callback+0x6c/0x78\n rpm_resume+0x490/0x6b4\n __pm_runtime_resume+0x50/0x94\n irq_chip_pm_get+0x2c/0xa0\n __irq_do_set_handler+0x178/0x24c\n irq_set_chained_handler_and_data+0x60/0xa4\n mxc_gpio_probe+0x160/0x4b0\n\nCure this by implementing the irq_bus_lock/sync_unlock() interrupt chip\ncallbacks and handle power management in them as they are invoked from\nnon-atomic context.\n\n[ tglx: Rewrote change log, added Fixes tag ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42290",
"url": "https://www.suse.com/security/cve/CVE-2024-42290"
},
{
"category": "external",
"summary": "SUSE Bug 1229379 for CVE-2024-42290",
"url": "https://bugzilla.suse.com/1229379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42290"
},
{
"cve": "CVE-2024-42291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add a per-VF limit on number of FDIR filters\n\nWhile the iavf driver adds a s/w limit (128) on the number of FDIR\nfilters that the VF can request, a malicious VF driver can request more\nthan that and exhaust the resources for other VFs.\n\nAdd a similar limit in ice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42291",
"url": "https://www.suse.com/security/cve/CVE-2024-42291"
},
{
"category": "external",
"summary": "SUSE Bug 1229374 for CVE-2024-42291",
"url": "https://bugzilla.suse.com/1229374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42291"
},
{
"cve": "CVE-2024-42292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42292",
"url": "https://www.suse.com/security/cve/CVE-2024-42292"
},
{
"category": "external",
"summary": "SUSE Bug 1229373 for CVE-2024-42292",
"url": "https://bugzilla.suse.com/1229373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42292"
},
{
"cve": "CVE-2024-42295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: handle inconsistent state in nilfs_btnode_create_block()\n\nSyzbot reported that a buffer state inconsistency was detected in\nnilfs_btnode_create_block(), triggering a kernel bug.\n\nIt is not appropriate to treat this inconsistency as a bug; it can occur\nif the argument block address (the buffer index of the newly created\nblock) is a virtual block number and has been reallocated due to\ncorruption of the bitmap used to manage its allocation state.\n\nSo, modify nilfs_btnode_create_block() and its callers to treat it as a\npossible filesystem error, rather than triggering a kernel bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42295",
"url": "https://www.suse.com/security/cve/CVE-2024-42295"
},
{
"category": "external",
"summary": "SUSE Bug 1229370 for CVE-2024-42295",
"url": "https://bugzilla.suse.com/1229370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42295"
},
{
"cve": "CVE-2024-42298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked.\n\nFix this lack and check the returned value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42298",
"url": "https://www.suse.com/security/cve/CVE-2024-42298"
},
{
"category": "external",
"summary": "SUSE Bug 1229369 for CVE-2024-42298",
"url": "https://bugzilla.suse.com/1229369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42298"
},
{
"cve": "CVE-2024-42301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42301",
"url": "https://www.suse.com/security/cve/CVE-2024-42301"
},
{
"category": "external",
"summary": "SUSE Bug 1229407 for CVE-2024-42301",
"url": "https://bugzilla.suse.com/1229407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42301"
},
{
"cve": "CVE-2024-42302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42302",
"url": "https://www.suse.com/security/cve/CVE-2024-42302"
},
{
"category": "external",
"summary": "SUSE Bug 1229366 for CVE-2024-42302",
"url": "https://bugzilla.suse.com/1229366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42302"
},
{
"cve": "CVE-2024-42303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-pxp: Fix ERR_PTR dereference in pxp_probe()\n\ndevm_regmap_init_mmio() can fail, add a check and bail out in case of\nerror.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42303",
"url": "https://www.suse.com/security/cve/CVE-2024-42303"
},
{
"category": "external",
"summary": "SUSE Bug 1229365 for CVE-2024-42303",
"url": "https://bugzilla.suse.com/1229365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42303"
},
{
"cve": "CVE-2024-42308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42308"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42308",
"url": "https://www.suse.com/security/cve/CVE-2024-42308"
},
{
"category": "external",
"summary": "SUSE Bug 1229411 for CVE-2024-42308",
"url": "https://bugzilla.suse.com/1229411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42308"
},
{
"cve": "CVE-2024-42309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes\n\nIn psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42309",
"url": "https://www.suse.com/security/cve/CVE-2024-42309"
},
{
"category": "external",
"summary": "SUSE Bug 1229359 for CVE-2024-42309",
"url": "https://bugzilla.suse.com/1229359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42309"
},
{
"cve": "CVE-2024-42310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes\n\nIn cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42310",
"url": "https://www.suse.com/security/cve/CVE-2024-42310"
},
{
"category": "external",
"summary": "SUSE Bug 1229358 for CVE-2024-42310",
"url": "https://bugzilla.suse.com/1229358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42310"
},
{
"cve": "CVE-2024-42311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()\n\nSyzbot reports uninitialized value access issue as below:\n\nloop0: detected capacity change from 0 to 64\n=====================================================\nBUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30\n d_revalidate fs/namei.c:862 [inline]\n lookup_fast+0x89e/0x8e0 fs/namei.c:1649\n walk_component fs/namei.c:2001 [inline]\n link_path_walk+0x817/0x1480 fs/namei.c:2332\n path_lookupat+0xd9/0x6f0 fs/namei.c:2485\n filename_lookup+0x22e/0x740 fs/namei.c:2515\n user_path_at_empty+0x8b/0x390 fs/namei.c:2924\n user_path_at include/linux/namei.h:57 [inline]\n do_mount fs/namespace.c:3689 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x66b/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nBUG: KMSAN: uninit-value in hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\nBUG: KMSAN: uninit-value in hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n hfs_ext_read_extent fs/hfs/extent.c:196 [inline]\n hfs_get_block+0x92d/0x1620 fs/hfs/extent.c:366\n block_read_full_folio+0x4ff/0x11b0 fs/buffer.c:2271\n hfs_read_folio+0x55/0x60 fs/hfs/inode.c:39\n filemap_read_folio+0x148/0x4f0 mm/filemap.c:2426\n do_read_cache_folio+0x7c8/0xd90 mm/filemap.c:3553\n do_read_cache_page mm/filemap.c:3595 [inline]\n read_cache_page+0xfb/0x2f0 mm/filemap.c:3604\n read_mapping_page include/linux/pagemap.h:755 [inline]\n hfs_btree_open+0x928/0x1ae0 fs/hfs/btree.c:78\n hfs_mdb_get+0x260c/0x3000 fs/hfs/mdb.c:204\n hfs_fill_super+0x1fb1/0x2790 fs/hfs/super.c:406\n mount_bdev+0x628/0x920 fs/super.c:1359\n hfs_mount+0xcd/0xe0 fs/hfs/super.c:456\n legacy_get_tree+0x167/0x2e0 fs/fs_context.c:610\n vfs_get_tree+0xdc/0x5d0 fs/super.c:1489\n do_new_mount+0x7a9/0x16f0 fs/namespace.c:3145\n path_mount+0xf98/0x26a0 fs/namespace.c:3475\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x919/0x9e0 fs/namespace.c:3674\n __ia32_sys_mount+0x15b/0x1b0 fs/namespace.c:3674\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2190 [inline]\n allocate_slab mm/slub.c:2354 [inline]\n new_slab+0x2d7/0x1400 mm/slub.c:2407\n ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540\n __slab_alloc mm/slub.c:3625 [inline]\n __slab_alloc_node mm/slub.c:3678 [inline]\n slab_alloc_node mm/slub.c:3850 [inline]\n kmem_cache_alloc_lru+0x64d/0xb30 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3018 [inline]\n hfs_alloc_inode+0x5a/0xc0 fs/hfs/super.c:165\n alloc_inode+0x83/0x440 fs/inode.c:260\n new_inode_pseudo fs/inode.c:1005 [inline]\n new_inode+0x38/0x4f0 fs/inode.c:1031\n hfs_new_inode+0x61/0x1010 fs/hfs/inode.c:186\n hfs_mkdir+0x54/0x250 fs/hfs/dir.c:228\n vfs_mkdir+0x49a/0x700 fs/namei.c:4126\n do_mkdirat+0x529/0x810 fs/namei.c:4149\n __do_sys_mkdirat fs/namei.c:4164 [inline]\n __se_sys_mkdirat fs/namei.c:4162 [inline]\n __x64_sys_mkdirat+0xc8/0x120 fs/namei.c:4162\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nIt missed to initialize .tz_secondswest, .cached_start and .cached_blocks\nfields in struct hfs_inode_info after hfs_alloc_inode(), fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42311",
"url": "https://www.suse.com/security/cve/CVE-2024-42311"
},
{
"category": "external",
"summary": "SUSE Bug 1229413 for CVE-2024-42311",
"url": "https://bugzilla.suse.com/1229413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42311"
},
{
"cve": "CVE-2024-42312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42312",
"url": "https://www.suse.com/security/cve/CVE-2024-42312"
},
{
"category": "external",
"summary": "SUSE Bug 1229357 for CVE-2024-42312",
"url": "https://bugzilla.suse.com/1229357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42312"
},
{
"cve": "CVE-2024-42313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free in vdec_close\n\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\n\nFix it by cancelling the work in vdec_close.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42313",
"url": "https://www.suse.com/security/cve/CVE-2024-42313"
},
{
"category": "external",
"summary": "SUSE Bug 1229356 for CVE-2024-42313",
"url": "https://bugzilla.suse.com/1229356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42313"
},
{
"cve": "CVE-2024-42314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix extent map use-after-free when adding pages to compressed bio\n\nAt add_ra_bio_pages() we are accessing the extent map to calculate\n\u0027add_size\u0027 after we dropped our reference on the extent map, resulting\nin a use-after-free. Fix this by computing \u0027add_size\u0027 before dropping our\nextent map reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42314",
"url": "https://www.suse.com/security/cve/CVE-2024-42314"
},
{
"category": "external",
"summary": "SUSE Bug 1229355 for CVE-2024-42314",
"url": "https://bugzilla.suse.com/1229355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42314"
},
{
"cve": "CVE-2024-42315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix potential deadlock on __exfat_get_dentry_set\n\nWhen accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array\nis allocated in __exfat_get_entry_set. The problem is that the bh-array is\nallocated with GFP_KERNEL. It does not make sense. In the following cases,\na deadlock for sbi-\u003es_lock between the two processes may occur.\n\n CPU0 CPU1\n ---- ----\n kswapd\n balance_pgdat\n lock(fs_reclaim)\n exfat_iterate\n lock(\u0026sbi-\u003es_lock)\n exfat_readdir\n exfat_get_uniname_from_ext_entry\n exfat_get_dentry_set\n __exfat_get_dentry_set\n kmalloc_array\n ...\n lock(fs_reclaim)\n ...\n evict\n exfat_evict_inode\n lock(\u0026sbi-\u003es_lock)\n\nTo fix this, let\u0027s allocate bh-array with GFP_NOFS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42315",
"url": "https://www.suse.com/security/cve/CVE-2024-42315"
},
{
"category": "external",
"summary": "SUSE Bug 1229354 for CVE-2024-42315",
"url": "https://bugzilla.suse.com/1229354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42315"
},
{
"cve": "CVE-2024-42316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mglru: fix div-by-zero in vmpressure_calc_level()\n\nevict_folios() uses a second pass to reclaim folios that have gone through\npage writeback and become clean before it finishes the first pass, since\nfolio_rotate_reclaimable() cannot handle those folios due to the\nisolation.\n\nThe second pass tries to avoid potential double counting by deducting\nscan_control-\u003enr_scanned. However, this can result in underflow of\nnr_scanned, under a condition where shrink_folio_list() does not increment\nnr_scanned, i.e., when folio_trylock() fails.\n\nThe underflow can cause the divisor, i.e., scale=scanned+reclaimed in\nvmpressure_calc_level(), to become zero, resulting in the following crash:\n\n [exception RIP: vmpressure_work_fn+101]\n process_one_work at ffffffffa3313f2b\n\nSince scan_control-\u003enr_scanned has no established semantics, the potential\ndouble counting has minimal risks. Therefore, fix the problem by not\ndeducting scan_control-\u003enr_scanned in evict_folios().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42316",
"url": "https://www.suse.com/security/cve/CVE-2024-42316"
},
{
"category": "external",
"summary": "SUSE Bug 1229353 for CVE-2024-42316",
"url": "https://bugzilla.suse.com/1229353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42316"
},
{
"cve": "CVE-2024-42318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42318"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Don\u0027t lose track of restrictions on cred_transfer\n\nWhen a process\u0027 cred struct is replaced, this _almost_ always invokes\nthe cred_prepare LSM hook; but in one special case (when\nKEYCTL_SESSION_TO_PARENT updates the parent\u0027s credentials), the\ncred_transfer LSM hook is used instead. Landlock only implements the\ncred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes\nall information on Landlock restrictions to be lost.\n\nThis basically means that a process with the ability to use the fork()\nand keyctl() syscalls can get rid of all Landlock restrictions on\nitself.\n\nFix it by adding a cred_transfer hook that does the same thing as the\nexisting cred_prepare hook. (Implemented by having hook_cred_prepare()\ncall hook_cred_transfer() so that the two functions are less likely to\naccidentally diverge in the future.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42318",
"url": "https://www.suse.com/security/cve/CVE-2024-42318"
},
{
"category": "external",
"summary": "SUSE Bug 1229351 for CVE-2024-42318",
"url": "https://bugzilla.suse.com/1229351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42318"
},
{
"cve": "CVE-2024-42319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() \u003c 0 occurs.\n\nAccording to the call tracei below:\n cmdq_mbox_shutdown\n mbox_free_channel\n mbox_controller_unregister\n __devm_mbox_controller_unregister\n ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n to bind the cmdq device to the mbox_controller, so\n devm_mbox_controller_unregister() will automatically unregister\n the device bound to the mailbox controller when the device-managed\n resource is removed. That means devm_mbox_controller_unregister()\n and cmdq_mbox_shoutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n will be called after cmdq_remove(), but before\n devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42319",
"url": "https://www.suse.com/security/cve/CVE-2024-42319"
},
{
"category": "external",
"summary": "SUSE Bug 1229350 for CVE-2024-42319",
"url": "https://bugzilla.suse.com/1229350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42319"
},
{
"cve": "CVE-2024-42320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42320"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42320",
"url": "https://www.suse.com/security/cve/CVE-2024-42320"
},
{
"category": "external",
"summary": "SUSE Bug 1229349 for CVE-2024-42320",
"url": "https://bugzilla.suse.com/1229349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42320"
},
{
"cve": "CVE-2024-42322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: properly dereference pe in ip_vs_add_service\n\nUse pe directly to resolve sparse warning:\n\n net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42322",
"url": "https://www.suse.com/security/cve/CVE-2024-42322"
},
{
"category": "external",
"summary": "SUSE Bug 1229347 for CVE-2024-42322",
"url": "https://bugzilla.suse.com/1229347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-42322"
},
{
"cve": "CVE-2024-43816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43816"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl-\u003esge_len) is\nreferencing a little endian formatted sgl-\u003esge_len value. So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure. And, update the\nroutine with proper le32_to_cpu macro usages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43816",
"url": "https://www.suse.com/security/cve/CVE-2024-43816"
},
{
"category": "external",
"summary": "SUSE Bug 1229318 for CVE-2024-43816",
"url": "https://bugzilla.suse.com/1229318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43816"
},
{
"cve": "CVE-2024-43817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: missing check virtio\n\nTwo missing check in virtio_net_hdr_to_skb() allowed syzbot\nto crash kernels again\n\n1. After the skb_segment function the buffer may become non-linear\n(nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere\nthe __skb_linearize function will not be executed, then the buffer will\nremain non-linear. Then the condition (offset \u003e= skb_headlen(skb))\nbecomes true, which causes WARN_ON_ONCE in skb_checksum_help.\n\n2. The struct sk_buff and struct virtio_net_hdr members must be\nmathematically related.\n(gso_size) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) must be greater than (needed) otherwise WARN_ON_ONCE.\n(remainder) may be 0 if division is without remainder.\n\noffset+2 (4191) \u003e skb_headlen() (1116)\nWARNING: CPU: 1 PID: 5084 at net/core/dev.c:3303 skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nModules linked in:\nCPU: 1 PID: 5084 Comm: syz-executor336 Not tainted 6.7.0-rc3-syzkaller-00014-gdf60cee26a2e #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_checksum_help+0x5e2/0x740 net/core/dev.c:3303\nCode: 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 52 01 00 00 44 89 e2 2b 53 74 4c 89 ee 48 c7 c7 40 57 e9 8b e8 af 8f dd f8 90 \u003c0f\u003e 0b 90 90 e9 87 fe ff ff e8 40 0f 6e f9 e9 4b fa ff ff 48 89 ef\nRSP: 0018:ffffc90003a9f338 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888025125780 RCX: ffffffff814db209\nRDX: ffff888015393b80 RSI: ffffffff814db216 RDI: 0000000000000001\nRBP: ffff8880251257f4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000045c\nR13: 000000000000105f R14: ffff8880251257f0 R15: 000000000000105d\nFS: 0000555555c24380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000002000f000 CR3: 0000000023151000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ip_do_fragment+0xa1b/0x18b0 net/ipv4/ip_output.c:777\n ip_fragment.constprop.0+0x161/0x230 net/ipv4/ip_output.c:584\n ip_finish_output_gso net/ipv4/ip_output.c:286 [inline]\n __ip_finish_output net/ipv4/ip_output.c:308 [inline]\n __ip_finish_output+0x49c/0x650 net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:433\n dst_output include/net/dst.h:451 [inline]\n ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:129\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]\n sit_tunnel_xmit+0xed2/0x28f0 net/ipv6/sit.c:1076\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3545 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3561\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4346\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x257/0x380 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x24ca/0x5240 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n __sys_sendto+0x255/0x340 net/socket.c:2190\n __do_sys_sendto net/socket.c:2202 [inline]\n __se_sys_sendto net/socket.c:2198 [inline]\n __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43817",
"url": "https://www.suse.com/security/cve/CVE-2024-43817"
},
{
"category": "external",
"summary": "SUSE Bug 1229312 for CVE-2024-43817",
"url": "https://bugzilla.suse.com/1229312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43817"
},
{
"cve": "CVE-2024-43818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: Adjust error handling in case of absent codec device\n\nacpi_get_first_physical_node() can return NULL in several cases (no such\ndevice, ACPI table error, reference count drop to 0, etc).\nExisting check just emit error message, but doesn\u0027t perform return.\nThen this NULL pointer is passed to devm_acpi_dev_add_driver_gpios()\nwhere it is dereferenced.\n\nAdjust this error handling by adding error code return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43818",
"url": "https://www.suse.com/security/cve/CVE-2024-43818"
},
{
"category": "external",
"summary": "SUSE Bug 1229296 for CVE-2024-43818",
"url": "https://bugzilla.suse.com/1229296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43818"
},
{
"cve": "CVE-2024-43819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: s390: Reject memory region operations for ucontrol VMs\n\nThis change rejects the KVM_SET_USER_MEMORY_REGION and\nKVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM.\nThis is necessary since ucontrol VMs have kvm-\u003earch.gmap set to 0 and\nwould thus result in a null pointer dereference further in.\nMemory management needs to be performed in userspace and using the\nioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP.\n\nAlso improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION\nand KVM_SET_USER_MEMORY_REGION2.\n\n[frankja@linux.ibm.com: commit message spelling fix, subject prefix fix]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43819",
"url": "https://www.suse.com/security/cve/CVE-2024-43819"
},
{
"category": "external",
"summary": "SUSE Bug 1229290 for CVE-2024-43819",
"url": "https://bugzilla.suse.com/1229290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43819"
},
{
"cve": "CVE-2024-43821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix a possible null pointer dereference\n\nIn function lpfc_xcvr_data_show, the memory allocation with kmalloc might\nfail, thereby making rdp_context a null pointer. In the following context\nand functions that use this pointer, there are dereferencing operations,\nleading to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null,\nuse scnprintf to notify the user and return len.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43821",
"url": "https://www.suse.com/security/cve/CVE-2024-43821"
},
{
"category": "external",
"summary": "SUSE Bug 1229315 for CVE-2024-43821",
"url": "https://bugzilla.suse.com/1229315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43821"
},
{
"cve": "CVE-2024-43823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43823",
"url": "https://www.suse.com/security/cve/CVE-2024-43823"
},
{
"category": "external",
"summary": "SUSE Bug 1229303 for CVE-2024-43823",
"url": "https://bugzilla.suse.com/1229303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43823"
},
{
"cve": "CVE-2024-43824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached \u0027epc_features\u0027 in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 (\"PCI: endpoint: Remove \"core_init_notifier\"\nflag\"), \u0027epc_features\u0027 got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed \u0027epc_features\u0027 could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43824",
"url": "https://www.suse.com/security/cve/CVE-2024-43824"
},
{
"category": "external",
"summary": "SUSE Bug 1229320 for CVE-2024-43824",
"url": "https://bugzilla.suse.com/1229320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43824"
},
{
"cve": "CVE-2024-43825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: Fix the sorting functionality in iio_gts_build_avail_time_table\n\nThe sorting in iio_gts_build_avail_time_table is not working as intended.\nIt could result in an out-of-bounds access when the time is zero.\n\nHere are more details:\n\n1. When the gts-\u003eitime_table[i].time_us is zero, e.g., the time\nsequence is `3, 0, 1`, the inner for-loop will not terminate and do\nout-of-bound writes. This is because once `times[j] \u003e new`, the value\n`new` will be added in the current position and the `times[j]` will be\nmoved to `j+1` position, which makes the if-condition always hold.\nMeanwhile, idx will be added one, making the loop keep running without\ntermination and out-of-bound write.\n2. If none of the gts-\u003eitime_table[i].time_us is zero, the elements\nwill just be copied without being sorted as described in the comment\n\"Sort times from all tables to one and remove duplicates\".\n\nFor more details, please refer to\nhttps://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43825",
"url": "https://www.suse.com/security/cve/CVE-2024-43825"
},
{
"category": "external",
"summary": "SUSE Bug 1229298 for CVE-2024-43825",
"url": "https://bugzilla.suse.com/1229298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43825"
},
{
"cve": "CVE-2024-43826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: pass explicit offset/count to trace events\n\nnfs_folio_length is unsafe to use without having the folio locked and a\ncheck for a NULL -\u003ef_mapping that protects against truncations and can\nlead to kernel crashes. E.g. when running xfstests generic/065 with\nall nfs trace points enabled.\n\nFollow the model of the XFS trace points and pass in an expl\u0456cit offset\nand length. This has the additional benefit that these values can\nbe more accurate as some of the users touch partial folio ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43826",
"url": "https://www.suse.com/security/cve/CVE-2024-43826"
},
{
"category": "external",
"summary": "SUSE Bug 1229294 for CVE-2024-43826",
"url": "https://bugzilla.suse.com/1229294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43826"
},
{
"cve": "CVE-2024-43829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43829",
"url": "https://www.suse.com/security/cve/CVE-2024-43829"
},
{
"category": "external",
"summary": "SUSE Bug 1229341 for CVE-2024-43829",
"url": "https://bugzilla.suse.com/1229341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43829"
},
{
"cve": "CVE-2024-43830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: trigger: Unregister sysfs attributes before calling deactivate()\n\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\n\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\n\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\n\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43830",
"url": "https://www.suse.com/security/cve/CVE-2024-43830"
},
{
"category": "external",
"summary": "SUSE Bug 1229305 for CVE-2024-43830",
"url": "https://bugzilla.suse.com/1229305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43830"
},
{
"cve": "CVE-2024-43831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43831",
"url": "https://www.suse.com/security/cve/CVE-2024-43831"
},
{
"category": "external",
"summary": "SUSE Bug 1229309 for CVE-2024-43831",
"url": "https://bugzilla.suse.com/1229309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43831"
},
{
"cve": "CVE-2024-43833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix NULL pointer dereference in adding ancillary links\n\nIn v4l2_async_create_ancillary_links(), ancillary links are created for\nlens and flash sub-devices. These are sub-device to sub-device links and\nif the async notifier is related to a V4L2 device, the source sub-device\nof the ancillary link is NULL, leading to a NULL pointer dereference.\nCheck the notifier\u0027s sd field is non-NULL in\nv4l2_async_create_ancillary_links().\n\n[Sakari Ailus: Reword the subject and commit messages slightly.]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43833",
"url": "https://www.suse.com/security/cve/CVE-2024-43833"
},
{
"category": "external",
"summary": "SUSE Bug 1229299 for CVE-2024-43833",
"url": "https://bugzilla.suse.com/1229299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43833"
},
{
"cve": "CVE-2024-43834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: fix invalid wait context of page_pool_destroy()\n\nIf the driver uses a page pool, it creates a page pool with\npage_pool_create().\nThe reference count of page pool is 1 as default.\nA page pool will be destroyed only when a reference count reaches 0.\npage_pool_destroy() is used to destroy page pool, it decreases a\nreference count.\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\nmem_allocator_disconnect().\nThis function internally acquires mutex_lock().\n\nIf the driver uses XDP, it registers a memory model with\nxdp_rxq_info_reg_mem_model().\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\nreference count if a memory model is a page pool.\nNow the reference count is 2.\n\nTo destroy a page pool, the driver should call both page_pool_destroy()\nand xdp_unreg_mem_model().\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\nOnly page_pool_destroy() decreases a reference count.\n\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\nwill face an invalid wait context warning.\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\nrcu_read_lock().\nThe page_pool_destroy() internally acquires mutex_lock().\n\nSplat looks like:\n=============================\n[ BUG: Invalid wait context ]\n6.10.0-rc6+ #4 Tainted: G W\n-----------------------------\nethtool/1806 is trying to lock:\nffffffff90387b90 (mem_id_lock){+.+.}-{4:4}, at: mem_allocator_disconnect+0x73/0x150\nother info that might help us debug this:\ncontext-{5:5}\n3 locks held by ethtool/1806:\nstack backtrace:\nCPU: 0 PID: 1806 Comm: ethtool Tainted: G W 6.10.0-rc6+ #4 f916f41f172891c800f2fed\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x7e/0xc0\n__lock_acquire+0x1681/0x4de0\n? _printk+0x64/0xe0\n? __pfx_mark_lock.part.0+0x10/0x10\n? __pfx___lock_acquire+0x10/0x10\nlock_acquire+0x1b3/0x580\n? mem_allocator_disconnect+0x73/0x150\n? __wake_up_klogd.part.0+0x16/0xc0\n? __pfx_lock_acquire+0x10/0x10\n? dump_stack_lvl+0x91/0xc0\n__mutex_lock+0x15c/0x1690\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_prb_read_valid+0x10/0x10\n? mem_allocator_disconnect+0x73/0x150\n? __pfx_llist_add_batch+0x10/0x10\n? console_unlock+0x193/0x1b0\n? lockdep_hardirqs_on+0xbe/0x140\n? __pfx___mutex_lock+0x10/0x10\n? tick_nohz_tick_stopped+0x16/0x90\n? __irq_work_queue_local+0x1e5/0x330\n? irq_work_queue+0x39/0x50\n? __wake_up_klogd.part.0+0x79/0xc0\n? mem_allocator_disconnect+0x73/0x150\nmem_allocator_disconnect+0x73/0x150\n? __pfx_mem_allocator_disconnect+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? rcu_is_watching+0x11/0xb0\npage_pool_release+0x36e/0x6d0\npage_pool_destroy+0xd7/0x440\nxdp_unreg_mem_model+0x1a7/0x2a0\n? __pfx_xdp_unreg_mem_model+0x10/0x10\n? kfree+0x125/0x370\n? bnxt_free_ring.isra.0+0x2eb/0x500\n? bnxt_free_mem+0x5ac/0x2500\nxdp_rxq_info_unreg+0x4a/0xd0\nbnxt_free_mem+0x1356/0x2500\nbnxt_close_nic+0xf0/0x3b0\n? __pfx_bnxt_close_nic+0x10/0x10\n? ethnl_parse_bit+0x2c6/0x6d0\n? __pfx___nla_validate_parse+0x10/0x10\n? __pfx_ethnl_parse_bit+0x10/0x10\nbnxt_set_features+0x2a8/0x3e0\n__netdev_update_features+0x4dc/0x1370\n? ethnl_parse_bitset+0x4ff/0x750\n? __pfx_ethnl_parse_bitset+0x10/0x10\n? __pfx___netdev_update_features+0x10/0x10\n? mark_held_locks+0xa5/0xf0\n? _raw_spin_unlock_irqrestore+0x42/0x70\n? __pm_runtime_resume+0x7d/0x110\nethnl_set_features+0x32d/0xa20\n\nTo fix this problem, it uses rhashtable_lookup_fast() instead of\nrhashtable_lookup() with rcu_read_lock().\nUsing xa without rcu_read_lock() here is safe.\nxa is freed by __xdp_mem_allocator_rcu_free() and this is called by\ncall_rcu() of mem_xa_remove().\nThe mem_xa_remove() is called by page_pool_destroy() if a reference\ncount reaches 0.\nThe xa is already protected by the reference count mechanism well in the\ncontrol plane.\nSo removing rcu_read_lock() for page_pool_destroy() is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43834",
"url": "https://www.suse.com/security/cve/CVE-2024-43834"
},
{
"category": "external",
"summary": "SUSE Bug 1229314 for CVE-2024-43834",
"url": "https://bugzilla.suse.com/1229314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43834"
},
{
"cve": "CVE-2024-43837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT\n\nWhen loading a EXT program without specifying `attr-\u003eattach_prog_fd`,\nthe `prog-\u003eaux-\u003edst_prog` will be null. At this time, calling\nresolve_prog_type() anywhere will result in a null pointer dereference.\n\nExample stack trace:\n\n[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 8.108262] Mem abort info:\n[ 8.108384] ESR = 0x0000000096000004\n[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 8.108722] SET = 0, FnV = 0\n[ 8.108827] EA = 0, S1PTW = 0\n[ 8.108939] FSC = 0x04: level 0 translation fault\n[ 8.109102] Data abort info:\n[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000\n[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000\n[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 8.112783] Modules linked in:\n[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1\n[ 8.113230] Hardware name: linux,dummy-virt (DT)\n[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0\n[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8\n[ 8.113798] sp : ffff80008283b9f0\n[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001\n[ 8.113881] x26: ffff0000c0bb2600 x25: 0000000000000000 x24: 0000000000000000\n[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000\n[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff\n[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720\n[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\n[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4\n[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f\n[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c\n[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000\n[ 8.114126] Call trace:\n[ 8.114159] may_access_direct_pkt_data+0x24/0xa0\n[ 8.114202] bpf_check+0x3bc/0x28c0\n[ 8.114214] bpf_prog_load+0x658/0xa58\n[ 8.114227] __sys_bpf+0xc50/0x2250\n[ 8.114240] __arm64_sys_bpf+0x28/0x40\n[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0\n[ 8.114273] do_el0_svc+0x4c/0xd8\n[ 8.114289] el0_svc+0x3c/0x140\n[ 8.114305] el0t_64_sync_handler+0x134/0x150\n[ 8.114331] el0t_64_sync+0x168/0x170\n[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)\n[ 8.118672] ---[ end trace 0000000000000000 ]---\n\nOne way to fix it is by forcing `attach_prog_fd` non-empty when\nbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`\nAPI broken which use verifier log to probe prog type and will log\nnothing if we reject invalid EXT prog before bpf_check().\n\nAnother way is by adding null check in resolve_prog_type().\n\nThe issue was introduced by commit 4a9c7bbe2ed4 (\"bpf: Resolve to\nprog-\u003eaux-\u003edst_prog-\u003etype only for BPF_PROG_TYPE_EXT\") which wanted\nto correct type resolution for BPF_PROG_TYPE_TRACING programs. Before\nthat, the type resolution of BPF_PROG_TYPE_EXT prog actually follows\nthe logic below:\n\n prog-\u003eaux-\u003edst_prog ? prog-\u003eaux-\u003edst_prog-\u003etype : prog-\u003etype;\n\nIt implies that when EXT program is not yet attached to `dst_prog`,\nthe prog type should be EXT itself. This code worked fine in the past.\nSo just keep using it.\n\nFix this by returning `prog-\u003etype` for BPF_PROG_TYPE_EXT if `dst_prog`\nis not present in resolve_prog_type().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43837",
"url": "https://www.suse.com/security/cve/CVE-2024-43837"
},
{
"category": "external",
"summary": "SUSE Bug 1229297 for CVE-2024-43837",
"url": "https://bugzilla.suse.com/1229297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43837"
},
{
"cve": "CVE-2024-43839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust \u0027name\u0027 buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n\u0027name\u0027 size is 16, but the first \u0027%s\u0027 specifier may already need at\nleast 16 characters, since \u0027bnad-\u003enetdev-\u003ename\u0027 is used there.\n\nFor \u0027%d\u0027 specifiers, assume that they require:\n * 1 char for \u0027tx_id + tx_info-\u003etcb[i]-\u003eid\u0027 sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for \u0027rx_id + rx_info-\u003erx_ctrl[i].ccb-\u003eid\u0027, BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43839",
"url": "https://www.suse.com/security/cve/CVE-2024-43839"
},
{
"category": "external",
"summary": "SUSE Bug 1229301 for CVE-2024-43839",
"url": "https://bugzilla.suse.com/1229301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43839"
},
{
"cve": "CVE-2024-43840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG\n\nWhen BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls\n__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them\nthe struct bpf_tramp_image *im pointer as an argument in R0.\n\nThe trampoline generation code uses emit_addr_mov_i64() to emit\ninstructions for moving the bpf_tramp_image address into R0, but\nemit_addr_mov_i64() assumes the address to be in the vmalloc() space\nand uses only 48 bits. Because bpf_tramp_image is allocated using\nkzalloc(), its address can use more than 48-bits, in this case the\ntrampoline will pass an invalid address to __bpf_tramp_enter/exit()\ncausing a kernel crash.\n\nFix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()\nas it can work with addresses that are greater than 48-bits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43840",
"url": "https://www.suse.com/security/cve/CVE-2024-43840"
},
{
"category": "external",
"summary": "SUSE Bug 1229344 for CVE-2024-43840",
"url": "https://bugzilla.suse.com/1229344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43840"
},
{
"cve": "CVE-2024-43841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won\u0027t be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43841",
"url": "https://www.suse.com/security/cve/CVE-2024-43841"
},
{
"category": "external",
"summary": "SUSE Bug 1229304 for CVE-2024-43841",
"url": "https://bugzilla.suse.com/1229304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43841"
},
{
"cve": "CVE-2024-43842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() \u0027status-\u003ehe_gi\u0027 is compared to array size.\nBut then \u0027rate-\u003ehe_gi\u0027 is used as array index instead of \u0027status-\u003ehe_gi\u0027.\nThis can lead to go beyond array boundaries in case of \u0027rate-\u003ehe_gi\u0027 is\nnot equal to \u0027status-\u003ehe_gi\u0027 and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing \u0027rate-\u003ehe_gi\u0027 with \u0027status-\u003ehe_gi\u0027.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43842",
"url": "https://www.suse.com/security/cve/CVE-2024-43842"
},
{
"category": "external",
"summary": "SUSE Bug 1229317 for CVE-2024-43842",
"url": "https://bugzilla.suse.com/1229317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43842"
},
{
"cve": "CVE-2024-43846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: objagg: Fix general protection fault\n\nThe library supports aggregation of objects into other objects only if\nthe parent object does not have a parent itself. That is, nesting is not\nsupported.\n\nAggregation happens in two cases: Without and with hints, where hints\nare a pre-computed recommendation on how to aggregate the provided\nobjects.\n\nNesting is not possible in the first case due to a check that prevents\nit, but in the second case there is no check because the assumption is\nthat nesting cannot happen when creating objects based on hints. The\nviolation of this assumption leads to various warnings and eventually to\na general protection fault [1].\n\nBefore fixing the root cause, error out when nesting happens and warn.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43846",
"url": "https://www.suse.com/security/cve/CVE-2024-43846"
},
{
"category": "external",
"summary": "SUSE Bug 1229360 for CVE-2024-43846",
"url": "https://bugzilla.suse.com/1229360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43846"
},
{
"cve": "CVE-2024-43847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid memory access while processing fragmented packets\n\nThe monitor ring and the reo reinject ring share the same ring mask index.\nWhen the driver receives an interrupt for the reo reinject ring, the\nmonitor ring is also processed, leading to invalid memory access. Since\nmonitor support is not yet enabled in ath12k, the ring mask for the monitor\nring should be removed.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43847",
"url": "https://www.suse.com/security/cve/CVE-2024-43847"
},
{
"category": "external",
"summary": "SUSE Bug 1229291 for CVE-2024-43847",
"url": "https://bugzilla.suse.com/1229291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43847"
},
{
"cve": "CVE-2024-43849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: protect locator_addr with the main mutex\n\nIf the service locator server is restarted fast enough, the PDR can\nrewrite locator_addr fields concurrently. Protect them by placing\nmodification of those fields under the main pdr-\u003elock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43849",
"url": "https://www.suse.com/security/cve/CVE-2024-43849"
},
{
"category": "external",
"summary": "SUSE Bug 1229307 for CVE-2024-43849",
"url": "https://bugzilla.suse.com/1229307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43849"
},
{
"cve": "CVE-2024-43850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove\n\nThe following warning is seen during bwmon_remove due to refcount\nimbalance, fix this by releasing the OPPs after use.\n\nLogs:\nWARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158\nHardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT)\n...\nCall trace:\n_opp_table_kref_release+0x150/0x158\ndev_pm_opp_remove_table+0x100/0x1b4\ndevm_pm_opp_of_table_release+0x10/0x1c\ndevm_action_release+0x14/0x20\ndevres_release_all+0xa4/0x104\ndevice_unbind_cleanup+0x18/0x60\ndevice_release_driver_internal+0x1ec/0x228\ndriver_detach+0x50/0x98\nbus_remove_driver+0x6c/0xbc\ndriver_unregister+0x30/0x60\nplatform_driver_unregister+0x14/0x20\nbwmon_driver_exit+0x18/0x524 [icc_bwmon]\n__arm64_sys_delete_module+0x184/0x264\ninvoke_syscall+0x48/0x118\nel0_svc_common.constprop.0+0xc8/0xe8\ndo_el0_svc+0x20/0x2c\nel0_svc+0x34/0xdc\nel0t_64_sync_handler+0x13c/0x158\nel0t_64_sync+0x190/0x194\n--[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43850",
"url": "https://www.suse.com/security/cve/CVE-2024-43850"
},
{
"category": "external",
"summary": "SUSE Bug 1229316 for CVE-2024-43850",
"url": "https://bugzilla.suse.com/1229316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43850"
},
{
"cve": "CVE-2024-43851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: xilinx: rename cpu_number1 to dummy_cpu_number\n\nThe per cpu variable cpu_number1 is passed to xlnx_event_handler as\nargument \"dev_id\", but it is not used in this function. So drop the\ninitialization of this variable and rename it to dummy_cpu_number.\nThis patch is to fix the following call trace when the kernel option\nCONFIG_DEBUG_ATOMIC_SLEEP is enabled:\n\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\n preempt_count: 1, expected: 0\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53\n Hardware name: Xilinx Versal vmk180 Eval board rev1.1 (QSPI) (DT)\n Call trace:\n dump_backtrace+0xd0/0xe0\n show_stack+0x18/0x40\n dump_stack_lvl+0x7c/0xa0\n dump_stack+0x18/0x34\n __might_resched+0x10c/0x140\n __might_sleep+0x4c/0xa0\n __kmem_cache_alloc_node+0xf4/0x168\n kmalloc_trace+0x28/0x38\n __request_percpu_irq+0x74/0x138\n xlnx_event_manager_probe+0xf8/0x298\n platform_probe+0x68/0xd8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43851",
"url": "https://www.suse.com/security/cve/CVE-2024-43851"
},
{
"category": "external",
"summary": "SUSE Bug 1229313 for CVE-2024-43851",
"url": "https://bugzilla.suse.com/1229313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43851"
},
{
"cve": "CVE-2024-43853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc/\u003cpid\u003e/cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc/\u003cpid\u003e/cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css-\u003ecgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(\u0026cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to \u0026cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n\u0026cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to \u0026cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp-\u003eroot will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss-\u003ecgroup won\u0027t be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43853",
"url": "https://www.suse.com/security/cve/CVE-2024-43853"
},
{
"category": "external",
"summary": "SUSE Bug 1229292 for CVE-2024-43853",
"url": "https://bugzilla.suse.com/1229292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43853"
},
{
"cve": "CVE-2024-43854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43854",
"url": "https://www.suse.com/security/cve/CVE-2024-43854"
},
{
"category": "external",
"summary": "SUSE Bug 1229345 for CVE-2024-43854",
"url": "https://bugzilla.suse.com/1229345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43854"
},
{
"cve": "CVE-2024-43855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix deadlock between mddev_suspend and flush bio\n\nDeadlock occurs when mddev is being suspended while some flush bio is in\nprogress. It is a complex issue.\n\nT1. the first flush is at the ending stage, it clears \u0027mddev-\u003eflush_bio\u0027\n and tries to submit data, but is blocked because mddev is suspended\n by T4.\nT2. the second flush sets \u0027mddev-\u003eflush_bio\u0027, and attempts to queue\n md_submit_flush_data(), which is already running (T1) and won\u0027t\n execute again if on the same CPU as T1.\nT3. the third flush inc active_io and tries to flush, but is blocked because\n \u0027mddev-\u003eflush_bio\u0027 is not NULL (set by T2).\nT4. mddev_suspend() is called and waits for active_io dec to 0 which is inc\n by T3.\n\n T1\t\tT2\t\tT3\t\tT4\n (flush 1)\t(flush 2)\t(third 3)\t(suspend)\n md_submit_flush_data\n mddev-\u003eflush_bio = NULL;\n .\n .\t \tmd_flush_request\n .\t \t mddev-\u003eflush_bio = bio\n .\t \t queue submit_flushes\n .\t\t .\n .\t\t .\t\tmd_handle_request\n .\t\t .\t\t active_io + 1\n .\t\t .\t\t md_flush_request\n .\t\t .\t\t wait !mddev-\u003eflush_bio\n .\t\t .\n .\t\t .\t\t\t\tmddev_suspend\n .\t\t .\t\t\t\t wait !active_io\n .\t\t .\n .\t\t submit_flushes\n .\t\t queue_work md_submit_flush_data\n .\t\t //md_submit_flush_data is already running (T1)\n .\n md_handle_request\n wait resume\n\nThe root issue is non-atomic inc/dec of active_io during flush process.\nactive_io is dec before md_submit_flush_data is queued, and inc soon\nafter md_submit_flush_data() run.\n md_flush_request\n active_io + 1\n submit_flushes\n active_io - 1\n md_submit_flush_data\n md_handle_request\n active_io + 1\n make_request\n active_io - 1\n\nIf active_io is dec after md_handle_request() instead of within\nsubmit_flushes(), make_request() can be called directly intead of\nmd_handle_request() in md_submit_flush_data(), and active_io will\nonly inc and dec once in the whole flush process. Deadlock will be\nfixed.\n\nAdditionally, the only difference between fixing the issue and before is\nthat there is no return error handling of make_request(). But after\nprevious patch cleaned md_write_start(), make_requst() only return error\nin raid5_make_request() by dm-raid, see commit 41425f96d7aa (\"dm-raid456,\nmd/raid456: fix a deadlock for dm-raid456 while io concurrent with\nreshape)\". Since dm always splits data and flush operation into two\nseparate io, io size of flush submitted by dm always is 0, make_request()\nwill not be called in md_submit_flush_data(). To prevent future\nmodifications from introducing issues, add WARN_ON to ensure\nmake_request() no error is returned in this context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43855",
"url": "https://www.suse.com/security/cve/CVE-2024-43855"
},
{
"category": "external",
"summary": "SUSE Bug 1229342 for CVE-2024-43855",
"url": "https://bugzilla.suse.com/1229342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43855"
},
{
"cve": "CVE-2024-43856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43856",
"url": "https://www.suse.com/security/cve/CVE-2024-43856"
},
{
"category": "external",
"summary": "SUSE Bug 1229346 for CVE-2024-43856",
"url": "https://bugzilla.suse.com/1229346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43856"
},
{
"cve": "CVE-2024-43858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43858",
"url": "https://www.suse.com/security/cve/CVE-2024-43858"
},
{
"category": "external",
"summary": "SUSE Bug 1229414 for CVE-2024-43858",
"url": "https://bugzilla.suse.com/1229414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43858"
},
{
"cve": "CVE-2024-43860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Skip over memory region when node value is NULL\n\nIn imx_rproc_addr_init() \"nph = of_count_phandle_with_args()\" just counts\nnumber of phandles. But phandles may be empty. So of_parse_phandle() in\nthe parsing loop (0 \u003c a \u003c nph) may return NULL which is later dereferenced.\nAdjust this issue by adding NULL-return check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[Fixed title to fit within the prescribed 70-75 charcters]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43860",
"url": "https://www.suse.com/security/cve/CVE-2024-43860"
},
{
"category": "external",
"summary": "SUSE Bug 1229319 for CVE-2024-43860",
"url": "https://bugzilla.suse.com/1229319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43860"
},
{
"cve": "CVE-2024-43861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: fix memory leak for not ip packets\n\nFree the unused skb when not ip packets arrive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43861",
"url": "https://www.suse.com/security/cve/CVE-2024-43861"
},
{
"category": "external",
"summary": "SUSE Bug 1229500 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229500"
},
{
"category": "external",
"summary": "SUSE Bug 1229553 for CVE-2024-43861",
"url": "https://bugzilla.suse.com/1229553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "important"
}
],
"title": "CVE-2024-43861"
},
{
"cve": "CVE-2024-43863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a deadlock in dma buf fence polling\n\nIntroduce a version of the fence ops that on release doesn\u0027t remove\nthe fence from the pending list, and thus doesn\u0027t require a lock to\nfix poll-\u003efence wait-\u003efence unref deadlocks.\n\nvmwgfx overwrites the wait callback to iterate over the list of all\nfences and update their status, to do that it holds a lock to prevent\nthe list modifcations from other threads. The fence destroy callback\nboth deletes the fence and removes it from the list of pending\nfences, for which it holds a lock.\n\ndma buf polling cb unrefs a fence after it\u0027s been signaled: so the poll\ncalls the wait, which signals the fences, which are being destroyed.\nThe destruction tries to acquire the lock on the pending fences list\nwhich it can never get because it\u0027s held by the wait from which it\nwas called.\n\nOld bug, but not a lot of userspace apps were using dma-buf polling\ninterfaces. Fix those, in particular this fixes KDE stalls/deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43863",
"url": "https://www.suse.com/security/cve/CVE-2024-43863"
},
{
"category": "external",
"summary": "SUSE Bug 1229497 for CVE-2024-43863",
"url": "https://bugzilla.suse.com/1229497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43863"
},
{
"cve": "CVE-2024-43864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix CT entry update leaks of modify header context\n\nThe cited commit allocates a new modify header to replace the old\none when updating CT entry. But if failed to allocate a new one, eg.\nexceed the max number firmware can support, modify header will be\nan error pointer that will trigger a panic when deallocating it. And\nthe old modify header point is copied to old attr. When the old\nattr is freed, the old modify header is lost.\n\nFix it by restoring the old attr to attr when failed to allocate a\nnew modify header context. So when the CT entry is freed, the right\nmodify header context will be freed. And the panic of accessing\nerror pointer is also fixed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43864",
"url": "https://www.suse.com/security/cve/CVE-2024-43864"
},
{
"category": "external",
"summary": "SUSE Bug 1229496 for CVE-2024-43864",
"url": "https://bugzilla.suse.com/1229496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43864"
},
{
"cve": "CVE-2024-43866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43866",
"url": "https://www.suse.com/security/cve/CVE-2024-43866"
},
{
"category": "external",
"summary": "SUSE Bug 1229495 for CVE-2024-43866",
"url": "https://bugzilla.suse.com/1229495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43866"
},
{
"cve": "CVE-2024-43867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43867",
"url": "https://www.suse.com/security/cve/CVE-2024-43867"
},
{
"category": "external",
"summary": "SUSE Bug 1229493 for CVE-2024-43867",
"url": "https://bugzilla.suse.com/1229493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43867"
},
{
"cve": "CVE-2024-43871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevres: Fix memory leakage caused by driver API devm_free_percpu()\n\nIt will cause memory leakage when use driver API devm_free_percpu()\nto free memory allocated by devm_alloc_percpu(), fixed by using\ndevres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43871",
"url": "https://www.suse.com/security/cve/CVE-2024-43871"
},
{
"category": "external",
"summary": "SUSE Bug 1229490 for CVE-2024-43871",
"url": "https://bugzilla.suse.com/1229490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43872",
"url": "https://www.suse.com/security/cve/CVE-2024-43872"
},
{
"category": "external",
"summary": "SUSE Bug 1229489 for CVE-2024-43872",
"url": "https://bugzilla.suse.com/1229489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43872"
},
{
"cve": "CVE-2024-43873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don\u0027t usually do this but\n it\u0027s legal and there\u0027s no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43873",
"url": "https://www.suse.com/security/cve/CVE-2024-43873"
},
{
"category": "external",
"summary": "SUSE Bug 1229488 for CVE-2024-43873",
"url": "https://bugzilla.suse.com/1229488"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-43873"
},
{
"cve": "CVE-2024-43874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked\n\nFix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.\nReturn from __sev_snp_shutdown_locked() if the psp_device or the\nsev_device structs are not initialized. Without the fix, the driver will\nproduce the following splat:\n\n ccp 0000:55:00.5: enabling device (0000 -\u003e 0002)\n ccp 0000:55:00.5: sev enabled\n ccp 0000:55:00.5: psp enabled\n BUG: kernel NULL pointer dereference, address: 00000000000000f0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808\n RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0\n R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8\n R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x6f/0xb0\n ? __die+0xcc/0xf0\n ? page_fault_oops+0x330/0x3a0\n ? save_trace+0x2a5/0x360\n ? do_user_addr_fault+0x583/0x630\n ? exc_page_fault+0x81/0x120\n ? asm_exc_page_fault+0x2b/0x30\n ? __sev_snp_shutdown_locked+0x2e/0x150\n __sev_firmware_shutdown+0x349/0x5b0\n ? pm_runtime_barrier+0x66/0xe0\n sev_dev_destroy+0x34/0xb0\n psp_dev_destroy+0x27/0x60\n sp_destroy+0x39/0x90\n sp_pci_remove+0x22/0x60\n pci_device_remove+0x4e/0x110\n really_probe+0x271/0x4e0\n __driver_probe_device+0x8f/0x160\n driver_probe_device+0x24/0x120\n __driver_attach+0xc7/0x280\n ? driver_attach+0x30/0x30\n bus_for_each_dev+0x10d/0x130\n driver_attach+0x22/0x30\n bus_add_driver+0x171/0x2b0\n ? unaccepted_memory_init_kdump+0x20/0x20\n driver_register+0x67/0x100\n __pci_register_driver+0x83/0x90\n sp_pci_init+0x22/0x30\n sp_mod_init+0x13/0x30\n do_one_initcall+0xb8/0x290\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? stack_depot_save_flags+0x21e/0x6a0\n ? local_clock+0x1c/0x60\n ? stack_depot_save_flags+0x21e/0x6a0\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __lock_acquire+0xd90/0xe30\n ? sched_clock_noinstr+0xd/0x10\n ? local_clock_noinstr+0x3e/0x100\n ? __create_object+0x66/0x100\n ? local_clock+0x1c/0x60\n ? __create_object+0x66/0x100\n ? parameq+0x1b/0x90\n ? parse_one+0x6d/0x1d0\n ? parse_args+0xd7/0x1f0\n ? do_initcall_level+0x180/0x180\n do_initcall_level+0xb0/0x180\n do_initcalls+0x60/0xa0\n ? kernel_init+0x1f/0x1d0\n do_basic_setup+0x41/0x50\n kernel_init_freeable+0x1ac/0x230\n ? rest_init+0x1f0/0x1f0\n kernel_init+0x1f/0x1d0\n ? rest_init+0x1f0/0x1f0\n ret_from_fork+0x3d/0x50\n ? rest_init+0x1f0/0x1f0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n Modules linked in:\n CR2: 00000000000000f0\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150\n Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 \u003c4c\u003e 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83\n RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000\n RDX: 0000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-17.1.1.51.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-19.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-19.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-19-default-1-1.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-19.1.noarch