Vulnerability from csaf_suse
Published
2024-10-09 09:43
Modified
2024-10-09 09:43
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
- CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
- CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).
- CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
- CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
- CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
- CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
- CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
- CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
- CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
- CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
- CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
- CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
- CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
- CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
- CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
The following non-security bugs were fixed:
- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).
- ACPI / EC: Clean up EC GPE mask flag (git-fixes).
- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
- ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).
- ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).
- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).
- ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- autofs4: use wait_event_killable (bsc#1207341).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Fix bsc#1054914 reference.
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).
- kabi fix for proc/mounts: add cursor (bsc#1207341).
- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- media: vivid: avoid integer overflow (git-fixes).
- media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).
- powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).
- powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).
- powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).
- powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).
- powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).
- powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).
- powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848).
- powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).
- powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
- powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).
- powerpc/lib: Fix 'integer constant is too large' build failure (bsc#1230826 ltc#205848).
- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).
- powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).
- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).
- powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).
- powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).
- powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).
- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
- powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).
- powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).
- powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- proc/mounts: add cursor (bsc#1207341).
- profiling: fix shift too large makes kernel panic (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- Revert 'ACPI / EC: Remove old CLEAR_ON_RESUME quirk' (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
Patchnames
SUSE-2024-3566,SUSE-SLE-RT-12-SP5-2024-3566
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).\n- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).\n- CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).\n- CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).\n- CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).\n- CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).\n- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).\n- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).\n- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).\n- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).\n- CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).\n- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).\n- CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).\n- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).\n- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).\n- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).\n- CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).\n- CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).\n- CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).\n- CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).\n- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).\n- CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).\n- CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).\n- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).\n- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).\n- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).\n- CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).\n- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).\n- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).\n- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)\n- CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).\n- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)\n- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).\n- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).\n- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)\n- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).\n- CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).\n- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).\n- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).\n- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).\n- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).\n- CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).\n- CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).\n- CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).\n- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).\n- CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).\n- CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).\n- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).\n- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).\n- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).\n- CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).\n- CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).\n- CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).\n- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)\n- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)\n- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).\n- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).\n- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).\n- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).\n- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).\n- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).\n- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).\n- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).\n- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).\n- CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).\n- CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).\n- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)\n- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)\n- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).\n- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).\n\nThe following non-security bugs were fixed:\n\n- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup() (git-fixes).\n- ACPI / EC: Clean up EC GPE mask flag (git-fixes).\n- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).\n- ACPI: EC: tweak naming in preparation for GpioInt support (git-fixes).\n- ACPI: SPCR: Consider baud rate 0 as preconfigured state (git-fixes).\n- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).\n- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment errata (git-fixes).\n- ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 (git-fixes).\n- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).\n- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).\n- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).\n- autofs4: use wait_event_killable (bsc#1207341).\n- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231184).\n- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).\n- Fix bsc#1054914 reference.\n- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230151).\n- kabi fix for proc/mounts: add cursor (bsc#1207341).\n- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848) These are lowlevel functions not used outside of exception handling and kernel debugging facilities.\n- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).\n- media: vivid: avoid integer overflow (git-fixes).\n- media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).\n- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).\n- media: vivid: s_fbuf: add more sanity checks (git-fixes).\n- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).\n- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).\n- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).\n- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).\n- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).\n- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).\n- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).\n- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).\n- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).\n- powerpc/32: Move the inline keyword at the beginning of function declaration (bsc#1230826 ltc#205848).\n- powerpc/64: Fix update forms of loads and stores to write 64-bit EA (bsc#1230826 ltc#205848).\n- powerpc: Add emulation for the addpcis instruction (bsc#1230826 ltc#205848).\n- powerpc: Change analyse_instr so it does not modify *regs (bsc#1230826 ltc#205848).\n- powerpc: Do not check MSR FP/VMX/VSX enable bits in analyse_instr() (bsc#1230826 ltc#205848).\n- powerpc: Do not update CR0 in emulation of popcnt, prty, bpermd instructions (bsc#1230826 ltc#205848).\n- powerpc: Emulate FP/vector/VSX loads/stores correctly when regs not live (bsc#1230826 ltc#205848).\n- powerpc: Emulate load/store floating double pair instructions (bsc#1230826 ltc#205848).\n- powerpc: Emulate load/store floating point as integer word instructions (bsc#1230826 ltc#205848).\n- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).\n- powerpc: Emulate vector element load/store instructions (bsc#1230826 ltc#205848).\n- powerpc: Fix emulation of the isel instruction (bsc#1230826 ltc#205848).\n- powerpc: Fix handling of alignment interrupt on dcbz instruction (bsc#1230826 ltc#205848).\n- powerpc: Fix kernel crash in emulation of vector loads and stores (bsc#1230826 ltc#205848).\n- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826 ltc#205848).\n- powerpc: Handle most loads and stores in instruction emulation code (bsc#1230826 ltc#205848).\n- powerpc: Handle opposite-endian processes in emulation code (bsc#1230826 ltc#205848).\n- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).\n- powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1065729).\n- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).\n- powerpc/kprobes: Update optprobes to use emulate_update_regs() (bsc#1230826 ltc#205848).\n- powerpc/lib: Fix 'integer constant is too large' build failure (bsc#1230826 ltc#205848).\n- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0 (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Fix count leading zeros instructions (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Fix fixed-point arithmetic instructions that set CA32 (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Fix fixed-point shift instructions that set CA32 (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826 ltc#205848).\n- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826 ltc#205848).\n- powerpc: Make load/store emulation use larger memory accesses (bsc#1230826 ltc#205848).\n- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826 ltc#205848).\n- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1065729).\n- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).\n- powerpc: Separate out load/store emulation into its own function (bsc#1230826 ltc#205848).\n- powerpc: Set regs->dar if memory access fails in emulate_step() (bsc#1230826 ltc#205848).\n- powerpc sstep: Add support for cnttzw, cnttzd instructions (bsc#1230826 ltc#205848).\n- powerpc: sstep: Add support for darn instruction (bsc#1230826 ltc#205848).\n- powerpc/sstep: Add support for divde[.] and divdeu[.] instructions (bsc#1230826 ltc#205848).\n- powerpc sstep: Add support for extswsli instruction (bsc#1230826 ltc#205848).\n- powerpc: sstep: Add support for maddhd, maddhdu, maddld instructions (bsc#1230826 ltc#205848).\n- powerpc sstep: Add support for modsd, modud instructions (bsc#1230826 ltc#205848).\n- powerpc sstep: Add support for modsw, moduw instructions (bsc#1230826 ltc#205848).\n- powerpc/sstep: Avoid used uninitialized error (bsc#1230826 ltc#205848).\n- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1230826 ltc#205848).\n- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).\n- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1230826 ltc#205848).\n- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).\n- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826 ltc#205848).\n- powerpc/sstep: Fix kernel crash if VSX is not present (bsc#1230826 ltc#205848).\n- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).\n- powerpc/sstep: mullw should calculate a 64 bit signed result (bsc#1230826 ltc#205848).\n- powerpc: Use instruction emulation infrastructure to handle alignment faults (bsc#1230826 ltc#205848).\n- powerpc: Wrap register number correctly for string load/store instructions (bsc#1230826 ltc#205848).\n- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).\n- proc/mounts: add cursor (bsc#1207341).\n- profiling: fix shift too large makes kernel panic (git-fixes).\n- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)\n- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)\n- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)\n- Revert 'ACPI / EC: Remove old CLEAR_ON_RESUME quirk' (git-fixes).\n- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).\n- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).\n- usbnet: fix cyclical race on disconnect with work queue (git-fixes).\n- usbnet: modern method to get random MAC (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-3566,SUSE-SLE-RT-12-SP5-2024-3566", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3566-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:3566-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:3566-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019578.html", }, { category: "self", summary: "SUSE Bug 1054914", url: "https://bugzilla.suse.com/1054914", }, { category: "self", summary: "SUSE Bug 1065729", url: "https://bugzilla.suse.com/1065729", }, { category: "self", summary: "SUSE Bug 1207341", url: "https://bugzilla.suse.com/1207341", }, { category: "self", summary: "SUSE Bug 1223777", url: "https://bugzilla.suse.com/1223777", }, { category: "self", summary: "SUSE Bug 1225316", url: "https://bugzilla.suse.com/1225316", }, { category: "self", summary: "SUSE Bug 1226669", url: "https://bugzilla.suse.com/1226669", }, { category: "self", summary: "SUSE Bug 1226846", url: "https://bugzilla.suse.com/1226846", }, { category: "self", summary: "SUSE Bug 1226860", url: "https://bugzilla.suse.com/1226860", }, { category: "self", summary: "SUSE Bug 1226878", url: "https://bugzilla.suse.com/1226878", }, { category: "self", summary: "SUSE Bug 1227487", url: "https://bugzilla.suse.com/1227487", }, { category: "self", summary: "SUSE Bug 1227867", url: "https://bugzilla.suse.com/1227867", }, { category: "self", summary: "SUSE Bug 1227890", url: "https://bugzilla.suse.com/1227890", }, { category: "self", summary: "SUSE Bug 1227917", url: "https://bugzilla.suse.com/1227917", }, { category: "self", summary: "SUSE Bug 1227941", url: "https://bugzilla.suse.com/1227941", }, { category: "self", summary: "SUSE Bug 1227952", url: "https://bugzilla.suse.com/1227952", }, { category: "self", summary: "SUSE Bug 1227953", url: "https://bugzilla.suse.com/1227953", }, { category: "self", summary: "SUSE Bug 1228000", url: "https://bugzilla.suse.com/1228000", }, { category: "self", summary: "SUSE Bug 1228002", url: "https://bugzilla.suse.com/1228002", }, { category: "self", summary: "SUSE Bug 1228068", url: "https://bugzilla.suse.com/1228068", }, { category: "self", summary: "SUSE Bug 1228507", url: "https://bugzilla.suse.com/1228507", }, { category: "self", summary: "SUSE Bug 1228615", url: "https://bugzilla.suse.com/1228615", }, { category: "self", summary: "SUSE Bug 1228620", url: "https://bugzilla.suse.com/1228620", }, { category: "self", summary: "SUSE Bug 1228635", url: "https://bugzilla.suse.com/1228635", }, { category: "self", summary: "SUSE Bug 1229334", url: "https://bugzilla.suse.com/1229334", }, { category: "self", summary: "SUSE Bug 1229362", url: "https://bugzilla.suse.com/1229362", }, { category: "self", summary: "SUSE Bug 1229363", url: "https://bugzilla.suse.com/1229363", }, { category: "self", summary: "SUSE Bug 1229456", url: "https://bugzilla.suse.com/1229456", }, { category: "self", summary: "SUSE Bug 1229457", url: "https://bugzilla.suse.com/1229457", }, { category: "self", summary: "SUSE Bug 1229633", url: "https://bugzilla.suse.com/1229633", }, { category: "self", summary: "SUSE Bug 1229645", url: "https://bugzilla.suse.com/1229645", }, { category: "self", summary: "SUSE Bug 1229739", url: "https://bugzilla.suse.com/1229739", }, { category: "self", summary: "SUSE Bug 1229753", url: "https://bugzilla.suse.com/1229753", }, { category: "self", summary: "SUSE Bug 1229764", url: "https://bugzilla.suse.com/1229764", }, { category: "self", summary: "SUSE Bug 1229768", url: "https://bugzilla.suse.com/1229768", }, { category: "self", summary: "SUSE Bug 1229790", url: "https://bugzilla.suse.com/1229790", }, { category: "self", summary: "SUSE Bug 1229830", url: "https://bugzilla.suse.com/1229830", }, { category: "self", summary: "SUSE Bug 1229912", url: "https://bugzilla.suse.com/1229912", }, { category: "self", summary: "SUSE Bug 1230015", url: "https://bugzilla.suse.com/1230015", }, { category: "self", summary: "SUSE Bug 1230151", url: "https://bugzilla.suse.com/1230151", }, { category: "self", summary: "SUSE Bug 1230171", url: "https://bugzilla.suse.com/1230171", }, { category: "self", summary: "SUSE Bug 1230174", url: "https://bugzilla.suse.com/1230174", }, { category: "self", summary: "SUSE Bug 1230176", url: "https://bugzilla.suse.com/1230176", }, { category: "self", summary: "SUSE Bug 1230178", url: "https://bugzilla.suse.com/1230178", }, { category: "self", summary: "SUSE Bug 1230180", url: "https://bugzilla.suse.com/1230180", }, { category: "self", summary: "SUSE Bug 1230185", url: "https://bugzilla.suse.com/1230185", }, { category: "self", summary: "SUSE Bug 1230200", url: "https://bugzilla.suse.com/1230200", }, { category: "self", summary: "SUSE Bug 1230204", url: "https://bugzilla.suse.com/1230204", }, { category: "self", summary: "SUSE Bug 1230212", url: "https://bugzilla.suse.com/1230212", }, { category: "self", summary: "SUSE Bug 1230233", url: "https://bugzilla.suse.com/1230233", }, { category: "self", summary: "SUSE Bug 1230248", url: "https://bugzilla.suse.com/1230248", }, { category: "self", summary: "SUSE Bug 1230270", url: "https://bugzilla.suse.com/1230270", }, { category: "self", summary: "SUSE Bug 1230398", url: "https://bugzilla.suse.com/1230398", }, { category: "self", summary: "SUSE Bug 1230506", url: "https://bugzilla.suse.com/1230506", }, { category: "self", summary: "SUSE Bug 1230515", url: "https://bugzilla.suse.com/1230515", }, { category: "self", summary: "SUSE Bug 1230517", url: "https://bugzilla.suse.com/1230517", }, { category: "self", summary: "SUSE Bug 1230533", url: "https://bugzilla.suse.com/1230533", }, { category: "self", summary: "SUSE Bug 1230535", url: "https://bugzilla.suse.com/1230535", }, { category: "self", summary: "SUSE Bug 1230549", url: "https://bugzilla.suse.com/1230549", }, { category: "self", summary: "SUSE Bug 1230556", url: "https://bugzilla.suse.com/1230556", }, { category: "self", summary: "SUSE Bug 1230582", url: "https://bugzilla.suse.com/1230582", }, { category: "self", summary: "SUSE Bug 1230589", url: "https://bugzilla.suse.com/1230589", }, { category: "self", summary: "SUSE Bug 1230620", url: "https://bugzilla.suse.com/1230620", }, { category: "self", summary: "SUSE Bug 1230699", url: "https://bugzilla.suse.com/1230699", }, { category: "self", summary: "SUSE Bug 1230700", url: "https://bugzilla.suse.com/1230700", }, { category: "self", summary: "SUSE Bug 1230702", url: "https://bugzilla.suse.com/1230702", }, { category: "self", summary: "SUSE Bug 1230707", url: "https://bugzilla.suse.com/1230707", }, { category: "self", summary: "SUSE Bug 1230709", url: "https://bugzilla.suse.com/1230709", }, { category: "self", summary: "SUSE Bug 1230710", url: "https://bugzilla.suse.com/1230710", }, { category: "self", summary: "SUSE Bug 1230712", url: "https://bugzilla.suse.com/1230712", }, { category: "self", summary: "SUSE Bug 1230719", url: "https://bugzilla.suse.com/1230719", }, { category: "self", summary: "SUSE Bug 1230724", url: "https://bugzilla.suse.com/1230724", }, { category: "self", summary: "SUSE Bug 1230730", url: "https://bugzilla.suse.com/1230730", }, { category: "self", summary: "SUSE Bug 1230731", url: "https://bugzilla.suse.com/1230731", }, { category: "self", summary: "SUSE Bug 1230732", url: "https://bugzilla.suse.com/1230732", }, { category: "self", summary: "SUSE Bug 1230747", url: "https://bugzilla.suse.com/1230747", }, { category: "self", summary: "SUSE Bug 1230748", url: "https://bugzilla.suse.com/1230748", }, { category: "self", summary: "SUSE Bug 1230751", url: "https://bugzilla.suse.com/1230751", }, { category: "self", summary: "SUSE Bug 1230752", url: "https://bugzilla.suse.com/1230752", }, { category: "self", summary: "SUSE Bug 1230756", url: "https://bugzilla.suse.com/1230756", }, { category: "self", summary: "SUSE Bug 1230761", url: "https://bugzilla.suse.com/1230761", }, { category: "self", summary: "SUSE Bug 1230763", url: "https://bugzilla.suse.com/1230763", }, { category: "self", summary: "SUSE Bug 1230767", url: "https://bugzilla.suse.com/1230767", }, { category: "self", summary: "SUSE Bug 1230771", url: "https://bugzilla.suse.com/1230771", }, { category: "self", summary: "SUSE Bug 1230772", url: "https://bugzilla.suse.com/1230772", }, { category: "self", summary: "SUSE Bug 1230776", url: "https://bugzilla.suse.com/1230776", }, { category: "self", summary: "SUSE Bug 1230783", url: "https://bugzilla.suse.com/1230783", }, { category: "self", summary: "SUSE Bug 1230791", url: "https://bugzilla.suse.com/1230791", }, { category: "self", summary: "SUSE Bug 1230796", url: "https://bugzilla.suse.com/1230796", }, { category: "self", summary: "SUSE Bug 1230810", url: "https://bugzilla.suse.com/1230810", }, { category: "self", summary: "SUSE Bug 1230814", url: "https://bugzilla.suse.com/1230814", }, { category: "self", summary: "SUSE Bug 1230815", url: "https://bugzilla.suse.com/1230815", }, { category: "self", summary: "SUSE Bug 1230826", url: "https://bugzilla.suse.com/1230826", }, { category: "self", summary: "SUSE Bug 1231083", url: "https://bugzilla.suse.com/1231083", }, { category: "self", summary: "SUSE Bug 1231084", url: "https://bugzilla.suse.com/1231084", }, { category: "self", summary: "SUSE Bug 1231089", url: "https://bugzilla.suse.com/1231089", }, { category: "self", summary: "SUSE Bug 1231120", url: "https://bugzilla.suse.com/1231120", }, { category: "self", summary: "SUSE Bug 1231146", url: "https://bugzilla.suse.com/1231146", }, { category: "self", summary: "SUSE Bug 1231184", url: "https://bugzilla.suse.com/1231184", }, { category: "self", summary: "SUSE CVE CVE-2021-4442 page", url: "https://www.suse.com/security/cve/CVE-2021-4442/", }, { category: "self", summary: "SUSE CVE CVE-2021-47387 page", url: "https://www.suse.com/security/cve/CVE-2021-47387/", }, { category: "self", summary: "SUSE CVE CVE-2021-47408 page", url: "https://www.suse.com/security/cve/CVE-2021-47408/", }, { category: "self", summary: "SUSE CVE CVE-2021-47620 page", url: "https://www.suse.com/security/cve/CVE-2021-47620/", }, { category: "self", summary: "SUSE CVE CVE-2021-47622 page", url: "https://www.suse.com/security/cve/CVE-2021-47622/", }, { category: "self", summary: "SUSE CVE CVE-2022-48788 page", url: "https://www.suse.com/security/cve/CVE-2022-48788/", }, { category: "self", summary: "SUSE CVE CVE-2022-48789 page", url: "https://www.suse.com/security/cve/CVE-2022-48789/", }, { category: "self", summary: "SUSE CVE CVE-2022-48790 page", url: "https://www.suse.com/security/cve/CVE-2022-48790/", }, { category: "self", summary: "SUSE CVE CVE-2022-48791 page", url: "https://www.suse.com/security/cve/CVE-2022-48791/", }, { category: "self", summary: "SUSE CVE CVE-2022-48799 page", url: "https://www.suse.com/security/cve/CVE-2022-48799/", }, { category: "self", summary: "SUSE CVE CVE-2022-48844 page", url: "https://www.suse.com/security/cve/CVE-2022-48844/", }, { category: "self", summary: "SUSE CVE CVE-2022-48911 page", url: "https://www.suse.com/security/cve/CVE-2022-48911/", }, { category: "self", summary: "SUSE CVE CVE-2022-48943 page", url: "https://www.suse.com/security/cve/CVE-2022-48943/", }, { category: "self", summary: "SUSE CVE CVE-2022-48945 page", url: "https://www.suse.com/security/cve/CVE-2022-48945/", }, { category: "self", summary: "SUSE CVE CVE-2023-52766 page", url: "https://www.suse.com/security/cve/CVE-2023-52766/", }, { category: "self", summary: "SUSE CVE CVE-2023-52915 page", url: "https://www.suse.com/security/cve/CVE-2023-52915/", }, { category: "self", summary: "SUSE CVE CVE-2024-27024 page", url: "https://www.suse.com/security/cve/CVE-2024-27024/", }, { category: "self", summary: "SUSE CVE CVE-2024-38381 page", url: "https://www.suse.com/security/cve/CVE-2024-38381/", }, { category: "self", summary: "SUSE CVE CVE-2024-38596 page", url: "https://www.suse.com/security/cve/CVE-2024-38596/", }, { category: "self", summary: "SUSE CVE CVE-2024-38632 page", url: "https://www.suse.com/security/cve/CVE-2024-38632/", }, { category: "self", summary: "SUSE CVE CVE-2024-40973 page", url: "https://www.suse.com/security/cve/CVE-2024-40973/", }, { category: "self", summary: "SUSE CVE CVE-2024-41000 page", url: "https://www.suse.com/security/cve/CVE-2024-41000/", }, { category: "self", summary: "SUSE CVE CVE-2024-41073 page", url: "https://www.suse.com/security/cve/CVE-2024-41073/", }, { category: "self", summary: "SUSE CVE CVE-2024-41079 page", url: "https://www.suse.com/security/cve/CVE-2024-41079/", }, { category: "self", summary: "SUSE CVE CVE-2024-41082 page", url: "https://www.suse.com/security/cve/CVE-2024-41082/", }, { category: "self", summary: "SUSE CVE CVE-2024-42154 page", url: "https://www.suse.com/security/cve/CVE-2024-42154/", }, { category: "self", summary: "SUSE CVE CVE-2024-42265 page", url: "https://www.suse.com/security/cve/CVE-2024-42265/", }, { category: "self", summary: "SUSE CVE CVE-2024-42305 page", url: "https://www.suse.com/security/cve/CVE-2024-42305/", }, { category: "self", summary: "SUSE CVE CVE-2024-42306 page", url: "https://www.suse.com/security/cve/CVE-2024-42306/", }, { category: "self", summary: "SUSE CVE CVE-2024-43884 page", url: "https://www.suse.com/security/cve/CVE-2024-43884/", }, { category: "self", summary: "SUSE CVE CVE-2024-43890 page", url: "https://www.suse.com/security/cve/CVE-2024-43890/", }, { category: "self", summary: "SUSE CVE CVE-2024-43898 page", url: "https://www.suse.com/security/cve/CVE-2024-43898/", }, { category: "self", summary: "SUSE CVE CVE-2024-43904 page", url: "https://www.suse.com/security/cve/CVE-2024-43904/", }, { category: "self", summary: "SUSE CVE CVE-2024-43912 page", url: "https://www.suse.com/security/cve/CVE-2024-43912/", }, { category: "self", summary: "SUSE CVE CVE-2024-43914 page", url: "https://www.suse.com/security/cve/CVE-2024-43914/", }, { category: "self", summary: "SUSE CVE CVE-2024-44946 page", url: "https://www.suse.com/security/cve/CVE-2024-44946/", }, { category: "self", summary: "SUSE CVE CVE-2024-44947 page", url: "https://www.suse.com/security/cve/CVE-2024-44947/", }, { category: "self", summary: "SUSE CVE CVE-2024-44948 page", url: "https://www.suse.com/security/cve/CVE-2024-44948/", }, { category: "self", summary: "SUSE CVE CVE-2024-44950 page", url: "https://www.suse.com/security/cve/CVE-2024-44950/", }, { category: "self", summary: "SUSE CVE CVE-2024-44952 page", url: "https://www.suse.com/security/cve/CVE-2024-44952/", }, { category: "self", summary: "SUSE CVE CVE-2024-44954 page", url: "https://www.suse.com/security/cve/CVE-2024-44954/", }, { category: "self", summary: "SUSE CVE CVE-2024-44969 page", url: "https://www.suse.com/security/cve/CVE-2024-44969/", }, { category: "self", summary: "SUSE CVE CVE-2024-44972 page", url: "https://www.suse.com/security/cve/CVE-2024-44972/", }, { category: "self", summary: "SUSE CVE CVE-2024-44982 page", url: "https://www.suse.com/security/cve/CVE-2024-44982/", }, { category: "self", summary: "SUSE CVE CVE-2024-44987 page", url: "https://www.suse.com/security/cve/CVE-2024-44987/", }, { category: "self", summary: "SUSE CVE CVE-2024-44998 page", url: "https://www.suse.com/security/cve/CVE-2024-44998/", }, { category: "self", summary: "SUSE CVE CVE-2024-44999 page", url: "https://www.suse.com/security/cve/CVE-2024-44999/", }, { category: "self", summary: "SUSE CVE CVE-2024-45008 page", url: "https://www.suse.com/security/cve/CVE-2024-45008/", }, { category: "self", summary: "SUSE CVE CVE-2024-46673 page", url: "https://www.suse.com/security/cve/CVE-2024-46673/", }, { category: "self", summary: "SUSE CVE CVE-2024-46675 page", url: "https://www.suse.com/security/cve/CVE-2024-46675/", }, { category: "self", summary: "SUSE CVE CVE-2024-46676 page", url: "https://www.suse.com/security/cve/CVE-2024-46676/", }, { category: "self", summary: "SUSE CVE CVE-2024-46677 page", url: "https://www.suse.com/security/cve/CVE-2024-46677/", }, { category: "self", summary: "SUSE CVE CVE-2024-46679 page", url: "https://www.suse.com/security/cve/CVE-2024-46679/", }, { category: "self", summary: "SUSE CVE CVE-2024-46685 page", url: "https://www.suse.com/security/cve/CVE-2024-46685/", }, { category: "self", summary: "SUSE CVE CVE-2024-46686 page", url: "https://www.suse.com/security/cve/CVE-2024-46686/", }, { category: "self", summary: "SUSE CVE CVE-2024-46702 page", url: "https://www.suse.com/security/cve/CVE-2024-46702/", }, { category: "self", summary: "SUSE CVE CVE-2024-46707 page", url: "https://www.suse.com/security/cve/CVE-2024-46707/", }, { category: "self", summary: "SUSE CVE CVE-2024-46714 page", url: "https://www.suse.com/security/cve/CVE-2024-46714/", }, { category: "self", summary: "SUSE CVE CVE-2024-46715 page", url: "https://www.suse.com/security/cve/CVE-2024-46715/", }, { category: "self", summary: "SUSE CVE CVE-2024-46717 page", url: "https://www.suse.com/security/cve/CVE-2024-46717/", }, { category: "self", summary: "SUSE CVE CVE-2024-46720 page", url: "https://www.suse.com/security/cve/CVE-2024-46720/", }, { category: "self", summary: "SUSE CVE CVE-2024-46721 page", url: "https://www.suse.com/security/cve/CVE-2024-46721/", }, { category: "self", summary: "SUSE CVE CVE-2024-46722 page", url: "https://www.suse.com/security/cve/CVE-2024-46722/", }, { category: "self", summary: "SUSE CVE CVE-2024-46723 page", url: "https://www.suse.com/security/cve/CVE-2024-46723/", }, { category: "self", summary: "SUSE CVE CVE-2024-46727 page", url: "https://www.suse.com/security/cve/CVE-2024-46727/", }, { category: "self", summary: "SUSE CVE CVE-2024-46731 page", url: "https://www.suse.com/security/cve/CVE-2024-46731/", }, { category: "self", summary: "SUSE CVE CVE-2024-46737 page", url: "https://www.suse.com/security/cve/CVE-2024-46737/", }, { category: "self", summary: "SUSE CVE CVE-2024-46738 page", url: "https://www.suse.com/security/cve/CVE-2024-46738/", }, { category: "self", summary: "SUSE CVE CVE-2024-46739 page", url: "https://www.suse.com/security/cve/CVE-2024-46739/", }, { category: "self", summary: "SUSE CVE CVE-2024-46743 page", url: "https://www.suse.com/security/cve/CVE-2024-46743/", }, { category: "self", summary: "SUSE CVE CVE-2024-46744 page", url: "https://www.suse.com/security/cve/CVE-2024-46744/", }, { category: "self", summary: "SUSE CVE CVE-2024-46745 page", url: "https://www.suse.com/security/cve/CVE-2024-46745/", }, { category: "self", summary: "SUSE CVE CVE-2024-46746 page", url: "https://www.suse.com/security/cve/CVE-2024-46746/", }, { category: "self", summary: "SUSE CVE CVE-2024-46747 page", url: "https://www.suse.com/security/cve/CVE-2024-46747/", }, { category: "self", summary: "SUSE CVE CVE-2024-46750 page", url: "https://www.suse.com/security/cve/CVE-2024-46750/", }, { category: "self", summary: "SUSE CVE CVE-2024-46753 page", url: "https://www.suse.com/security/cve/CVE-2024-46753/", }, { category: "self", summary: "SUSE CVE CVE-2024-46759 page", url: "https://www.suse.com/security/cve/CVE-2024-46759/", }, { category: "self", summary: "SUSE CVE CVE-2024-46761 page", url: "https://www.suse.com/security/cve/CVE-2024-46761/", }, { category: "self", summary: "SUSE CVE CVE-2024-46770 page", url: "https://www.suse.com/security/cve/CVE-2024-46770/", }, { category: "self", summary: "SUSE CVE CVE-2024-46772 page", url: "https://www.suse.com/security/cve/CVE-2024-46772/", }, { category: "self", summary: "SUSE CVE CVE-2024-46773 page", url: "https://www.suse.com/security/cve/CVE-2024-46773/", }, { category: "self", summary: "SUSE CVE CVE-2024-46774 page", url: "https://www.suse.com/security/cve/CVE-2024-46774/", }, { category: "self", summary: "SUSE CVE CVE-2024-46778 page", url: "https://www.suse.com/security/cve/CVE-2024-46778/", }, { category: "self", summary: "SUSE CVE CVE-2024-46783 page", url: "https://www.suse.com/security/cve/CVE-2024-46783/", }, { category: "self", summary: "SUSE CVE CVE-2024-46784 page", url: "https://www.suse.com/security/cve/CVE-2024-46784/", }, { category: "self", summary: "SUSE CVE CVE-2024-46787 page", url: "https://www.suse.com/security/cve/CVE-2024-46787/", }, { category: "self", summary: "SUSE CVE CVE-2024-46822 page", url: "https://www.suse.com/security/cve/CVE-2024-46822/", }, { category: "self", summary: "SUSE CVE CVE-2024-46853 page", url: "https://www.suse.com/security/cve/CVE-2024-46853/", }, { category: "self", summary: "SUSE CVE CVE-2024-46854 page", url: "https://www.suse.com/security/cve/CVE-2024-46854/", }, { category: "self", summary: "SUSE CVE CVE-2024-46859 page", url: "https://www.suse.com/security/cve/CVE-2024-46859/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2024-10-09T09:43:40Z", generator: { date: "2024-10-09T09:43:40Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:3566-1", initial_release_date: "2024-10-09T09:43:40Z", revision_history: [ { date: "2024-10-09T09:43:40Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-rt-4.12.14-10.203.1.noarch", product: { name: "kernel-devel-rt-4.12.14-10.203.1.noarch", product_id: "kernel-devel-rt-4.12.14-10.203.1.noarch", }, }, { category: "product_version", name: "kernel-source-rt-4.12.14-10.203.1.noarch", product: { name: "kernel-source-rt-4.12.14-10.203.1.noarch", product_id: "kernel-source-rt-4.12.14-10.203.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", product: { name: "cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", product_id: "cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "cluster-md-kmp-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "cluster-md-kmp-rt_debug-4.12.14-10.203.1.x86_64", product_id: "cluster-md-kmp-rt_debug-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt-4.12.14-10.203.1.x86_64", product: { name: "dlm-kmp-rt-4.12.14-10.203.1.x86_64", product_id: "dlm-kmp-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "dlm-kmp-rt_debug-4.12.14-10.203.1.x86_64", product_id: "dlm-kmp-rt_debug-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt-4.12.14-10.203.1.x86_64", product: { name: "gfs2-kmp-rt-4.12.14-10.203.1.x86_64", product_id: "gfs2-kmp-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "gfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", product_id: "gfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt-4.12.14-10.203.1.x86_64", product_id: "kernel-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt-base-4.12.14-10.203.1.x86_64", product_id: "kernel-rt-base-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt-devel-4.12.14-10.203.1.x86_64", product_id: "kernel-rt-devel-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-extra-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt-extra-4.12.14-10.203.1.x86_64", product_id: "kernel-rt-extra-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-kgraft-devel-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt-kgraft-devel-4.12.14-10.203.1.x86_64", product_id: "kernel-rt-kgraft-devel-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt_debug-4.12.14-10.203.1.x86_64", product_id: "kernel-rt_debug-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-base-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt_debug-base-4.12.14-10.203.1.x86_64", product_id: "kernel-rt_debug-base-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", product_id: "kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-extra-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt_debug-extra-4.12.14-10.203.1.x86_64", product_id: "kernel-rt_debug-extra-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-kgraft-devel-4.12.14-10.203.1.x86_64", product: { name: "kernel-rt_debug-kgraft-devel-4.12.14-10.203.1.x86_64", product_id: "kernel-rt_debug-kgraft-devel-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-4.12.14-10.203.1.x86_64", product: { name: "kernel-syms-rt-4.12.14-10.203.1.x86_64", product_id: "kernel-syms-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt-4.12.14-10.203.1.x86_64", product: { name: "kselftests-kmp-rt-4.12.14-10.203.1.x86_64", product_id: "kselftests-kmp-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "kselftests-kmp-rt_debug-4.12.14-10.203.1.x86_64", product_id: "kselftests-kmp-rt_debug-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", product: { name: "ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", product_id: "ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", product: { name: "ocfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", product_id: "ocfs2-kmp-rt_debug-4.12.14-10.203.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 12 SP5", product: { name: "SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "cluster-md-kmp-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", }, product_reference: "cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", }, product_reference: "dlm-kmp-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", }, product_reference: "gfs2-kmp-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-4.12.14-10.203.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", }, product_reference: "kernel-devel-rt-4.12.14-10.203.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-base-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-rt-base-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-rt-devel-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-rt_debug-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-4.12.14-10.203.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", }, product_reference: "kernel-source-rt-4.12.14-10.203.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", }, product_reference: "kernel-syms-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-4.12.14-10.203.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", }, product_reference: "ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-4442", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-4442", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity tests to TCP_QUEUE_SEQ\n\nQingyu Li reported a syzkaller bug where the repro\nchanges RCV SEQ _after_ restoring data in the receive queue.\n\nmprotect(0x4aa000, 12288, PROT_READ) = 0\nmmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000\nmmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000\nmmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000\nsocket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0\nconnect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, \"::1\", &sin6_addr), sin6_scope_id=0}, 28) = 0\nsetsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0\nsendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\"0x0000000000000003\\0\\0\", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20\nsetsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0\nsetsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0\nrecvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer)\n\nsyslog shows:\n[ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0\n[ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0\n\nThis should not be allowed. TCP_QUEUE_SEQ should only be used\nwhen queues are empty.\n\nThis patch fixes this case, and the tx path as well.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-4442", url: "https://www.suse.com/security/cve/CVE-2021-4442", }, { category: "external", summary: "SUSE Bug 1229912 for CVE-2021-4442", url: "https://bugzilla.suse.com/1229912", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2021-4442", }, { cve: "CVE-2021-47387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-47387", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: schedutil: Use kobject release() method to free sugov_tunables\n\nThe struct sugov_tunables is protected by the kobject, so we can't free\nit directly. Otherwise we would get a call trace like this:\n ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30\n WARNING: CPU: 3 PID: 720 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100\n Modules linked in:\n CPU: 3 PID: 720 Comm: a.sh Tainted: G W 5.14.0-rc1-next-20210715-yocto-standard+ #507\n Hardware name: Marvell OcteonTX CN96XX board (DT)\n pstate: 40400009 (nZcv daif +PAN -UAO -TCO BTYPE=--)\n pc : debug_print_object+0xb8/0x100\n lr : debug_print_object+0xb8/0x100\n sp : ffff80001ecaf910\n x29: ffff80001ecaf910 x28: ffff00011b10b8d0 x27: ffff800011043d80\n x26: ffff00011a8f0000 x25: ffff800013cb3ff0 x24: 0000000000000000\n x23: ffff80001142aa68 x22: ffff800011043d80 x21: ffff00010de46f20\n x20: ffff800013c0c520 x19: ffff800011d8f5b0 x18: 0000000000000010\n x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365\n x14: 6a626f2029302065 x13: 303378302f307830 x12: 2b6e665f72656d69\n x11: ffff8000124b1560 x10: ffff800012331520 x9 : ffff8000100ca6b0\n x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 0000000000000001\n x5 : ffff800011d8c000 x4 : ffff800011d8c740 x3 : 0000000000000000\n x2 : ffff0001108301c0 x1 : ab3c90eedf9c0f00 x0 : 0000000000000000\n Call trace:\n debug_print_object+0xb8/0x100\n __debug_check_no_obj_freed+0x1c0/0x230\n debug_check_no_obj_freed+0x20/0x88\n slab_free_freelist_hook+0x154/0x1c8\n kfree+0x114/0x5d0\n sugov_exit+0xbc/0xc0\n cpufreq_exit_governor+0x44/0x90\n cpufreq_set_policy+0x268/0x4a8\n store_scaling_governor+0xe0/0x128\n store+0xc0/0xf0\n sysfs_kf_write+0x54/0x80\n kernfs_fop_write_iter+0x128/0x1c0\n new_sync_write+0xf0/0x190\n vfs_write+0x2d4/0x478\n ksys_write+0x74/0x100\n __arm64_sys_write+0x24/0x30\n invoke_syscall.constprop.0+0x54/0xe0\n do_el0_svc+0x64/0x158\n el0_svc+0x2c/0xb0\n el0t_64_sync_handler+0xb0/0xb8\n el0t_64_sync+0x198/0x19c\n irq event stamp: 5518\n hardirqs last enabled at (5517): [<ffff8000100cbd7c>] console_unlock+0x554/0x6c8\n hardirqs last disabled at (5518): [<ffff800010fc0638>] el1_dbg+0x28/0xa0\n softirqs last enabled at (5504): [<ffff8000100106e0>] __do_softirq+0x4d0/0x6c0\n softirqs last disabled at (5483): [<ffff800010049548>] irq_exit+0x1b0/0x1b8\n\nSo split the original sugov_tunables_free() into two functions,\nsugov_clear_global_tunables() is just used to clear the global_tunables\nand the new sugov_tunables_free() is used as kobj_type::release to\nrelease the sugov_tunables safely.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-47387", url: "https://www.suse.com/security/cve/CVE-2021-47387", }, { category: "external", summary: "SUSE Bug 1225316 for CVE-2021-47387", url: "https://bugzilla.suse.com/1225316", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2021-47387", }, { cve: "CVE-2021-47408", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-47408", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: serialize hash resizes and cleanups\n\nSyzbot was able to trigger the following warning [1]\n\nNo repro found by syzbot yet but I was able to trigger similar issue\nby having 2 scripts running in parallel, changing conntrack hash sizes,\nand:\n\nfor j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done\n\nIt would take more than 5 minutes for net_namespace structures\nto be cleaned up.\n\nThis is because nf_ct_iterate_cleanup() has to restart everytime\na resize happened.\n\nBy adding a mutex, we can serialize hash resizes and cleanups\nand also make get_next_corpse() faster by skipping over empty\nbuckets.\n\nEven without resizes in the picture, this patch considerably\nspeeds up network namespace dismantles.\n\n[1]\nINFO: task syz-executor.0:8312 can't die for more than 144 seconds.\ntask:syz-executor.0 state:R running task stack:25672 pid: 8312 ppid: 6573 flags:0x00004006\nCall Trace:\n context_switch kernel/sched/core.c:4955 [inline]\n __schedule+0x940/0x26f0 kernel/sched/core.c:6236\n preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6408\n preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35\n __local_bh_enable_ip+0x109/0x120 kernel/softirq.c:390\n local_bh_enable include/linux/bottom_half.h:32 [inline]\n get_next_corpse net/netfilter/nf_conntrack_core.c:2252 [inline]\n nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275\n nf_conntrack_cleanup_net_list+0x14c/0x4f0 net/netfilter/nf_conntrack_core.c:2469\n ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171\n setup_net+0x639/0xa30 net/core/net_namespace.c:349\n copy_net_ns+0x319/0x760 net/core/net_namespace.c:470\n create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226\n ksys_unshare+0x445/0x920 kernel/fork.c:3128\n __do_sys_unshare kernel/fork.c:3202 [inline]\n __se_sys_unshare kernel/fork.c:3200 [inline]\n __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3200\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f63da68e739\nRSP: 002b:00007f63d7c05188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f63da792f80 RCX: 00007f63da68e739\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000\nRBP: 00007f63da6e8cc4 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f63da792f80\nR13: 00007fff50b75d3f R14: 00007f63d7c05300 R15: 0000000000022000\n\nShowing all locks held in the system:\n1 lock held by khungtaskd/27:\n #0: ffffffff8b980020 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446\n2 locks held by kworker/u4:2/153:\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]\n #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2268\n #1: ffffc9000140fdb0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2272\n1 lock held by systemd-udevd/2970:\n1 lock held by in:imklog/6258:\n #0: ffff88807f970ff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990\n3 locks held by kworker/1:6/8158:\n1 lock held by syz-executor.0/8312:\n2 locks held by kworker/u4:13/9320:\n1 lock held by\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-47408", url: "https://www.suse.com/security/cve/CVE-2021-47408", }, { category: "external", summary: "SUSE Bug 1225236 for CVE-2021-47408", url: "https://bugzilla.suse.com/1225236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2021-47408", }, { cve: "CVE-2021-47620", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-47620", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: refactor malicious adv data check\n\nCheck for out-of-bound read was being performed at the end of while\nnum_reports loop, and would fill journal with false positives. Added\ncheck to beginning of loop processing so that it doesn't get checked\nafter ptr has been advanced.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-47620", url: "https://www.suse.com/security/cve/CVE-2021-47620", }, { category: "external", summary: "SUSE Bug 1226669 for CVE-2021-47620", url: "https://bugzilla.suse.com/1226669", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "low", }, ], title: "CVE-2021-47620", }, { cve: "CVE-2021-47622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-47622", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved\nrequest.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-47622", url: "https://www.suse.com/security/cve/CVE-2021-47622", }, { category: "external", summary: "SUSE Bug 1227917 for CVE-2021-47622", url: "https://bugzilla.suse.com/1227917", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2021-47622", }, { cve: "CVE-2022-48788", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48788", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48788", url: "https://www.suse.com/security/cve/CVE-2022-48788", }, { category: "external", summary: "SUSE Bug 1227952 for CVE-2022-48788", url: "https://bugzilla.suse.com/1227952", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48788", }, { cve: "CVE-2022-48789", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48789", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_tcp_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48789", url: "https://www.suse.com/security/cve/CVE-2022-48789", }, { category: "external", summary: "SUSE Bug 1228000 for CVE-2022-48789", url: "https://bugzilla.suse.com/1228000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48789", }, { cve: "CVE-2022-48790", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48790", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix a possible use-after-free in controller reset during load\n\nUnlike .queue_rq, in .submit_async_event drivers may not check the ctrl\nreadiness for AER submission. This may lead to a use-after-free\ncondition that was observed with nvme-tcp.\n\nThe race condition may happen in the following scenario:\n1. driver executes its reset_ctrl_work\n2. -> nvme_stop_ctrl - flushes ctrl async_event_work\n3. ctrl sends AEN which is received by the host, which in turn\n schedules AEN handling\n4. teardown admin queue (which releases the queue socket)\n5. AEN processed, submits another AER, calling the driver to submit\n6. driver attempts to send the cmd\n==> use-after-free\n\nIn order to fix that, add ctrl state check to validate the ctrl\nis actually able to accept the AER submission.\n\nThis addresses the above race in controller resets because the driver\nduring teardown should:\n1. change ctrl state to RESETTING\n2. flush async_event_work (as well as other async work elements)\n\nSo after 1,2, any other AER command will find the\nctrl state to be RESETTING and bail out without submitting the AER.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48790", url: "https://www.suse.com/security/cve/CVE-2022-48790", }, { category: "external", summary: "SUSE Bug 1227941 for CVE-2022-48790", url: "https://bugzilla.suse.com/1227941", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48790", }, { cve: "CVE-2022-48791", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48791", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb->task\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48791", url: "https://www.suse.com/security/cve/CVE-2022-48791", }, { category: "external", summary: "SUSE Bug 1228002 for CVE-2022-48791", url: "https://bugzilla.suse.com/1228002", }, { category: "external", summary: "SUSE Bug 1228012 for CVE-2022-48791", url: "https://bugzilla.suse.com/1228012", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48791", }, { cve: "CVE-2022-48799", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48799", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48799", url: "https://www.suse.com/security/cve/CVE-2022-48799", }, { category: "external", summary: "SUSE Bug 1227953 for CVE-2022-48799", url: "https://bugzilla.suse.com/1227953", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48799", }, { cve: "CVE-2022-48844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48844", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix leaking sent_cmd skb\n\nsent_cmd memory is not freed before freeing hci_dev causing it to leak\nit contents.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48844", url: "https://www.suse.com/security/cve/CVE-2022-48844", }, { category: "external", summary: "SUSE Bug 1228068 for CVE-2022-48844", url: "https://bugzilla.suse.com/1228068", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "low", }, ], title: "CVE-2022-48844", }, { cve: "CVE-2022-48911", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48911", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: fix possible use-after-free\n\nEric Dumazet says:\n The sock_hold() side seems suspect, because there is no guarantee\n that sk_refcnt is not already 0.\n\nOn failure, we cannot queue the packet and need to indicate an\nerror. The packet will be dropped by the caller.\n\nv2: split skb prefetch hunk into separate change", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48911", url: "https://www.suse.com/security/cve/CVE-2022-48911", }, { category: "external", summary: "SUSE Bug 1229633 for CVE-2022-48911", url: "https://bugzilla.suse.com/1229633", }, { category: "external", summary: "SUSE Bug 1229640 for CVE-2022-48911", url: "https://bugzilla.suse.com/1229640", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48911", }, { cve: "CVE-2022-48943", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48943", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: make apf token non-zero to fix bug\n\nIn current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function test token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a\nREADY event is finished by Guest. If value is zero meaning that a READY\nevent is done, so the KVM can deliver another.\nBut the kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with previous mention and may lead the loss of\nthis READY event.\n\nThis bug may cause task blocked forever in Guest:\n INFO: task stress:7532 blocked for more than 1254 seconds.\n Not tainted 5.10.0 #16\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:stress state:D stack: 0 pid: 7532 ppid: 1409\n flags:0x00000080\n Call Trace:\n __schedule+0x1e7/0x650\n schedule+0x46/0xb0\n kvm_async_pf_task_wait_schedule+0xad/0xe0\n ? exit_to_user_mode_prepare+0x60/0x70\n __kvm_handle_async_pf+0x4f/0xb0\n ? asm_exc_page_fault+0x8/0x30\n exc_page_fault+0x6f/0x110\n ? asm_exc_page_fault+0x8/0x30\n asm_exc_page_fault+0x1e/0x30\n RIP: 0033:0x402d00\n RSP: 002b:00007ffd31912500 EFLAGS: 00010206\n RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\n RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\n RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\n R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\n R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48943", url: "https://www.suse.com/security/cve/CVE-2022-48943", }, { category: "external", summary: "SUSE Bug 1229645 for CVE-2022-48943", url: "https://bugzilla.suse.com/1229645", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2022-48943", }, { cve: "CVE-2022-48945", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-48945", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: fix compose size exceed boundary\n\nsyzkaller found a bug:\n\n BUG: unable to handle page fault for address: ffffc9000a3b1000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0\n Oops: 0002 [#1] PREEMPT SMP\n CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n RIP: 0010:memcpy_erms+0x6/0x10\n[...]\n Call Trace:\n <TASK>\n ? tpg_fill_plane_buffer+0x856/0x15b0\n vivid_fillbuff+0x8ac/0x1110\n vivid_thread_vid_cap_tick+0x361/0xc90\n vivid_thread_vid_cap+0x21a/0x3a0\n kthread+0x143/0x180\n ret_from_fork+0x1f/0x30\n </TASK>\n\nThis is because we forget to check boundary after adjust compose->height\nint V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem\nfor this case.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-48945", url: "https://www.suse.com/security/cve/CVE-2022-48945", }, { category: "external", summary: "SUSE Bug 1230398 for CVE-2022-48945", url: "https://bugzilla.suse.com/1230398", }, { category: "external", summary: "SUSE Bug 1235889 for CVE-2022-48945", url: "https://bugzilla.suse.com/1235889", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "important", }, ], title: "CVE-2022-48945", }, { cve: "CVE-2023-52766", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-52766", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler\n\nDo not loop over ring headers in hci_dma_irq_handler() that are not\nallocated and enabled in hci_dma_init(). Otherwise out of bounds access\nwill occur from rings->headers[i] access when i >= number of allocated\nring headers.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-52766", url: "https://www.suse.com/security/cve/CVE-2023-52766", }, { category: "external", summary: "SUSE Bug 1230620 for CVE-2023-52766", url: "https://bugzilla.suse.com/1230620", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2023-52766", }, { cve: "CVE-2023-52915", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-52915", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-52915", url: "https://www.suse.com/security/cve/CVE-2023-52915", }, { category: "external", summary: "SUSE Bug 1230270 for CVE-2023-52915", url: "https://bugzilla.suse.com/1230270", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2023-52915", }, { cve: "CVE-2024-27024", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27024", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn't established yet, get_mr() will fail, trigger connection after\nget_mr().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27024", url: "https://www.suse.com/security/cve/CVE-2024-27024", }, { category: "external", summary: "SUSE Bug 1223777 for CVE-2024-27024", url: "https://bugzilla.suse.com/1223777", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-27024", }, { cve: "CVE-2024-38381", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-38381", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_rx_work\n\nsyzbot reported the following uninit-value access issue [1]\n\nnci_rx_work() parses received packet from ndev->rx_q. It should be\nvalidated header size, payload size and total packet size before\nprocessing the packet. If an invalid packet is detected, it should be\nsilently discarded.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-38381", url: "https://www.suse.com/security/cve/CVE-2024-38381", }, { category: "external", summary: "SUSE Bug 1226878 for CVE-2024-38381", url: "https://bugzilla.suse.com/1226878", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-38381", }, { cve: "CVE-2024-38596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-38596", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data races in unix_release_sock/unix_stream_sendmsg\n\nA data-race condition has been identified in af_unix. In one data path,\nthe write function unix_release_sock() atomically writes to\nsk->sk_shutdown using WRITE_ONCE. However, on the reader side,\nunix_stream_sendmsg() does not read it atomically. Consequently, this\nissue is causing the following KCSAN splat to occur:\n\n\tBUG: KCSAN: data-race in unix_release_sock / unix_stream_sendmsg\n\n\twrite (marked) to 0xffff88867256ddbb of 1 bytes by task 7270 on cpu 28:\n\tunix_release_sock (net/unix/af_unix.c:640)\n\tunix_release (net/unix/af_unix.c:1050)\n\tsock_close (net/socket.c:659 net/socket.c:1421)\n\t__fput (fs/file_table.c:422)\n\t__fput_sync (fs/file_table.c:508)\n\t__se_sys_close (fs/open.c:1559 fs/open.c:1541)\n\t__x64_sys_close (fs/open.c:1541)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tread to 0xffff88867256ddbb of 1 bytes by task 989 on cpu 14:\n\tunix_stream_sendmsg (net/unix/af_unix.c:2273)\n\t__sock_sendmsg (net/socket.c:730 net/socket.c:745)\n\t____sys_sendmsg (net/socket.c:2584)\n\t__sys_sendmmsg (net/socket.c:2638 net/socket.c:2724)\n\t__x64_sys_sendmmsg (net/socket.c:2753 net/socket.c:2750 net/socket.c:2750)\n\tx64_sys_call (arch/x86/entry/syscall_64.c:33)\n\tdo_syscall_64 (arch/x86/entry/common.c:?)\n\tentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n\tvalue changed: 0x01 -> 0x03\n\nThe line numbers are related to commit dd5a440a31fa (\"Linux 6.9-rc7\").\n\nCommit e1d09c2c2f57 (\"af_unix: Fix data races around sk->sk_shutdown.\")\naddressed a comparable issue in the past regarding sk->sk_shutdown.\nHowever, it overlooked resolving this particular data path.\nThis patch only offending unix_stream_sendmsg() function, since the\nother reads seem to be protected by unix_state_lock() as discussed in", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-38596", url: "https://www.suse.com/security/cve/CVE-2024-38596", }, { category: "external", summary: "SUSE Bug 1226846 for CVE-2024-38596", url: "https://bugzilla.suse.com/1226846", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "low", }, ], title: "CVE-2024-38596", }, { cve: "CVE-2024-38632", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-38632", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-38632", url: "https://www.suse.com/security/cve/CVE-2024-38632", }, { category: "external", summary: "SUSE Bug 1226860 for CVE-2024-38632", url: "https://bugzilla.suse.com/1226860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-38632", }, { cve: "CVE-2024-40973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-40973", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-vcodec: potential null pointer deference in SCP\n\nThe return value of devm_kzalloc() needs to be checked to avoid\nNULL pointer deference. This is similar to CVE-2022-3113.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-40973", url: "https://www.suse.com/security/cve/CVE-2024-40973", }, { category: "external", summary: "SUSE Bug 1227890 for CVE-2024-40973", url: "https://bugzilla.suse.com/1227890", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-40973", }, { cve: "CVE-2024-41000", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-41000", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[ 62.982337] ------------[ cut here ]------------\n[ 62.985692] cgroup: Invalid name\n[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[ 62.992992] 9223372036854775807 + 4095 cannot be represented in type 'long long'\n[ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[ 62.999369] random: crng reseeded on system resumption\n[ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 63.000682] Call Trace:\n[ 63.000686] <TASK>\n[ 63.000731] dump_stack_lvl+0x93/0xd0\n[ 63.000919] __get_user_pages+0x903/0xd30\n[ 63.001030] __gup_longterm_locked+0x153e/0x1ba0\n[ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50\n[ 63.001072] ? try_get_folio+0x29c/0x2d0\n[ 63.001083] internal_get_user_pages_fast+0x1119/0x1530\n[ 63.001109] iov_iter_extract_pages+0x23b/0x580\n[ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220\n[ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410\n[ 63.001297] __iomap_dio_rw+0xab4/0x1810\n[ 63.001316] iomap_dio_rw+0x45/0xa0\n[ 63.001328] ext4_file_write_iter+0xdde/0x1390\n[ 63.001372] vfs_write+0x599/0xbd0\n[ 63.001394] ksys_write+0xc8/0x190\n[ 63.001403] do_syscall_64+0xd4/0x1b0\n[ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[ 63.001535] RIP: 0033:0x7f7fd3ebf539\n[ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[ 63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet's rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-41000", url: "https://www.suse.com/security/cve/CVE-2024-41000", }, { category: "external", summary: "SUSE Bug 1227867 for CVE-2024-41000", url: "https://bugzilla.suse.com/1227867", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-41000", }, { cve: "CVE-2024-41073", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-41073", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: avoid double free special payload\n\nIf a discard request needs to be retried, and that retry may fail before\na new special payload is added, a double free will result. Clear the\nRQF_SPECIAL_LOAD when the request is cleaned.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-41073", url: "https://www.suse.com/security/cve/CVE-2024-41073", }, { category: "external", summary: "SUSE Bug 1228635 for CVE-2024-41073", url: "https://bugzilla.suse.com/1228635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-41073", }, { cve: "CVE-2024-41079", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-41079", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn't mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet's make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-41079", url: "https://www.suse.com/security/cve/CVE-2024-41079", }, { category: "external", summary: "SUSE Bug 1228615 for CVE-2024-41079", url: "https://bugzilla.suse.com/1228615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-41079", }, { cve: "CVE-2024-41082", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-41082", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-41082", url: "https://www.suse.com/security/cve/CVE-2024-41082", }, { category: "external", summary: "SUSE Bug 1228620 for CVE-2024-41082", url: "https://bugzilla.suse.com/1228620", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-41082", }, { cve: "CVE-2024-42154", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42154", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42154", url: "https://www.suse.com/security/cve/CVE-2024-42154", }, { category: "external", summary: "SUSE Bug 1228507 for CVE-2024-42154", url: "https://bugzilla.suse.com/1228507", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-42154", }, { cve: "CVE-2024-42265", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42265", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nprotect the fetch of ->fd[fd] in do_dup2() from mispredictions\n\nboth callers have verified that fd is not greater than ->max_fds;\nhowever, misprediction might end up with\n tofree = fdt->fd[fd];\nbeing speculatively executed. That's wrong for the same reasons\nwhy it's wrong in close_fd()/file_close_fd_locked(); the same\nsolution applies - array_index_nospec(fd, fdt->max_fds) could differ\nfrom fd only in case of speculative execution on mispredicted path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42265", url: "https://www.suse.com/security/cve/CVE-2024-42265", }, { category: "external", summary: "SUSE Bug 1229334 for CVE-2024-42265", url: "https://bugzilla.suse.com/1229334", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-42265", }, { cve: "CVE-2024-42305", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42305", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check dot and dotdot of dx_root before making dir indexed\n\nSyzbot reports a issue as follows:\n============================================\nBUG: unable to handle page fault for address: ffffed11022e24fe\nPGD 23ffee067 P4D 23ffee067 PUD 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0\nCall Trace:\n <TASK>\n make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451\n ext4_rename fs/ext4/namei.c:3936 [inline]\n ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214\n[...]\n============================================\n\nThe immediate cause of this problem is that there is only one valid dentry\nfor the block to be split during do_split, so split==0 results in out of\nbounds accesses to the map triggering the issue.\n\n do_split\n unsigned split\n dx_make_map\n count = 1\n split = count/2 = 0;\n continued = hash2 == map[split - 1].hash;\n ---> map[4294967295]\n\nThe maximum length of a filename is 255 and the minimum block size is 1024,\nso it is always guaranteed that the number of entries is greater than or\nequal to 2 when do_split() is called.\n\nBut syzbot's crafted image has no dot and dotdot in dir, and the dentry\ndistribution in dirblock is as follows:\n\n bus dentry1 hole dentry2 free\n|xx--|xx-------------|...............|xx-------------|...............|\n0 12 (8+248)=256 268 256 524 (8+256)=264 788 236 1024\n\nSo when renaming dentry1 increases its name_len length by 1, neither hole\nnor free is sufficient to hold the new dentry, and make_indexed_dir() is\ncalled.\n\nIn make_indexed_dir() it is assumed that the first two entries of the\ndirblock must be dot and dotdot, so bus and dentry1 are left in dx_root\nbecause they are treated as dot and dotdot, and only dentry2 is moved\nto the new leaf block. That's why count is equal to 1.\n\nTherefore add the ext4_check_dx_root() helper function to add more sanity\nchecks to dot and dotdot before starting the conversion to avoid the above\nissue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42305", url: "https://www.suse.com/security/cve/CVE-2024-42305", }, { category: "external", summary: "SUSE Bug 1229363 for CVE-2024-42305", url: "https://bugzilla.suse.com/1229363", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-42305", }, { cve: "CVE-2024-42306", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42306", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42306", url: "https://www.suse.com/security/cve/CVE-2024-42306", }, { category: "external", summary: "SUSE Bug 1229362 for CVE-2024-42306", url: "https://bugzilla.suse.com/1229362", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-42306", }, { cve: "CVE-2024-43884", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43884", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Add error handling to pair_device()\n\nhci_conn_params_add() never checks for a NULL value and could lead to a NULL\npointer dereference causing a crash.\n\nFixed by adding error handling in the function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43884", url: "https://www.suse.com/security/cve/CVE-2024-43884", }, { category: "external", summary: "SUSE Bug 1229739 for CVE-2024-43884", url: "https://bugzilla.suse.com/1229739", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43884", }, { cve: "CVE-2024-43890", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43890", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\".", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43890", url: "https://www.suse.com/security/cve/CVE-2024-43890", }, { category: "external", summary: "SUSE Bug 1229764 for CVE-2024-43890", url: "https://bugzilla.suse.com/1229764", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43890", }, { cve: "CVE-2024-43898", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43898", }, ], notes: [ { category: "general", text: "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43898", url: "https://www.suse.com/security/cve/CVE-2024-43898", }, { category: "external", summary: "SUSE Bug 1229753 for CVE-2024-43898", url: "https://bugzilla.suse.com/1229753", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43898", }, { cve: "CVE-2024-43904", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43904", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43904", url: "https://www.suse.com/security/cve/CVE-2024-43904", }, { category: "external", summary: "SUSE Bug 1229768 for CVE-2024-43904", url: "https://bugzilla.suse.com/1229768", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43904", }, { cve: "CVE-2024-43912", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43912", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43912", url: "https://www.suse.com/security/cve/CVE-2024-43912", }, { category: "external", summary: "SUSE Bug 1229830 for CVE-2024-43912", url: "https://bugzilla.suse.com/1229830", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43912", }, { cve: "CVE-2024-43914", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-43914", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-43914", url: "https://www.suse.com/security/cve/CVE-2024-43914", }, { category: "external", summary: "SUSE Bug 1229790 for CVE-2024-43914", url: "https://bugzilla.suse.com/1229790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-43914", }, { cve: "CVE-2024-44946", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44946", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.\n\n 2. Thread A resumes building skb from kcm->seq_skb but is blocked\n by sk_stream_wait_memory()\n\n 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb\n and puts the skb to the write queue\n\n 4. Thread A faces an error and finally frees skb that is already in the\n write queue\n\n 5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet's add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44946", url: "https://www.suse.com/security/cve/CVE-2024-44946", }, { category: "external", summary: "SUSE Bug 1230015 for CVE-2024-44946", url: "https://bugzilla.suse.com/1230015", }, { category: "external", summary: "SUSE Bug 1230016 for CVE-2024-44946", url: "https://bugzilla.suse.com/1230016", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "important", }, ], title: "CVE-2024-44946", }, { cve: "CVE-2024-44947", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44947", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44947", url: "https://www.suse.com/security/cve/CVE-2024-44947", }, { category: "external", summary: "SUSE Bug 1229456 for CVE-2024-44947", url: "https://bugzilla.suse.com/1229456", }, { category: "external", summary: "SUSE Bug 1230098 for CVE-2024-44947", url: "https://bugzilla.suse.com/1230098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "important", }, ], title: "CVE-2024-44947", }, { cve: "CVE-2024-44948", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44948", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP. The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44948", url: "https://www.suse.com/security/cve/CVE-2024-44948", }, { category: "external", summary: "SUSE Bug 1230174 for CVE-2024-44948", url: "https://bugzilla.suse.com/1230174", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44948", }, { cve: "CVE-2024-44950", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44950", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n sc16is7xx_startup(): entry\n sc16is7xx_ms_proc(): entry\n sc16is7xx_set_termios(): entry\n sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set\n sc16is7xx_port_irq() entry --> IIR is 0x0C\n sc16is7xx_handle_rx() entry\n sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is\n mapped to DLL (LCR=LCR_CONF_MODE_A)\n sc16is7xx_set_baud(): exit --> Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44950", url: "https://www.suse.com/security/cve/CVE-2024-44950", }, { category: "external", summary: "SUSE Bug 1230180 for CVE-2024-44950", url: "https://bugzilla.suse.com/1230180", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44950", }, { cve: "CVE-2024-44952", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44952", }, ], notes: [ { category: "general", text: "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44952", url: "https://www.suse.com/security/cve/CVE-2024-44952", }, { category: "external", summary: "SUSE Bug 1230178 for CVE-2024-44952", url: "https://bugzilla.suse.com/1230178", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44952", }, { cve: "CVE-2024-44954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44954", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access. This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44954", url: "https://www.suse.com/security/cve/CVE-2024-44954", }, { category: "external", summary: "SUSE Bug 1230176 for CVE-2024-44954", url: "https://bugzilla.suse.com/1230176", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44954", }, { cve: "CVE-2024-44969", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44969", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44969", url: "https://www.suse.com/security/cve/CVE-2024-44969", }, { category: "external", summary: "SUSE Bug 1230200 for CVE-2024-44969", url: "https://bugzilla.suse.com/1230200", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44969", }, { cve: "CVE-2024-44972", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44972", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n # mkfs.btrfs -f -s 4k $dev\n # mount $dev $mnt\n # fsstress -w -n 8 -d $mnt -s 1709539240\n 0/0: fiemap - no filename\n 0/1: copyrange read - no filename\n 0/2: write - no filename\n 0/3: rename - no source filename\n 0/4: creat f0 x:0 0 0\n 0/4: creat add id=0,parent=-1\n 0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n 0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n 0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n 0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n ------------[ cut here ]------------\n WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n ---[ end trace 0000000000000000 ]---\n BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n > btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n > btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n 704K 768K 832K 896K\n I |////I/////////////////I///////////| I\n 756K 868K\n\n |///| is the dirtied range using subpage bitmaps. and 'I' is the page\n boundary.\n\n Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n flag set.\n\n > btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44972", url: "https://www.suse.com/security/cve/CVE-2024-44972", }, { category: "external", summary: "SUSE Bug 1230212 for CVE-2024-44972", url: "https://bugzilla.suse.com/1230212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44972", }, { cve: "CVE-2024-44982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44982", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj->pin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last enabled at (129817): [<ffffa5f6d953fcc0>] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [<ffffa5f6da7dcf04>] el1_dbg+0x24/0x8c\nsoftirqs last enabled at (129808): [<ffffa5f6d94afc18>] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [<ffffa5f6d94105e4>] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44982", url: "https://www.suse.com/security/cve/CVE-2024-44982", }, { category: "external", summary: "SUSE Bug 1230204 for CVE-2024-44982", url: "https://bugzilla.suse.com/1230204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44982", }, { cve: "CVE-2024-44987", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44987", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n do_writev+0x1b1/0x350 fs/read_write.c:1018\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n </TASK>\n\nAllocated by task 6530:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n dst_alloc+0x12b/0x190 net/core/dst.c:89\n ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kmem_cache_free+0x145/0x350 mm/slub.c:4548\n dst_destroy+0x2ac/0x460 net/core/dst.c:124\n rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44987", url: "https://www.suse.com/security/cve/CVE-2024-44987", }, { category: "external", summary: "SUSE Bug 1230185 for CVE-2024-44987", url: "https://bugzilla.suse.com/1230185", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44987", }, { cve: "CVE-2024-44998", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44998", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can't dereference \"skb\" after calling vcc->push() because the skb\nis released.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44998", url: "https://www.suse.com/security/cve/CVE-2024-44998", }, { category: "external", summary: "SUSE Bug 1230171 for CVE-2024-44998", url: "https://bugzilla.suse.com/1230171", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44998", }, { cve: "CVE-2024-44999", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-44999", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb->head\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n xmit_one net/core/dev.c:3580 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3145 [inline]\n packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3994 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n alloc_skb include/linux/skbuff.h:1320 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n packet_snd net/packet/af_packet.c:3088 [inline]\n packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-44999", url: "https://www.suse.com/security/cve/CVE-2024-44999", }, { category: "external", summary: "SUSE Bug 1230233 for CVE-2024-44999", url: "https://bugzilla.suse.com/1230233", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-44999", }, { cve: "CVE-2024-45008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45008", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45008", url: "https://www.suse.com/security/cve/CVE-2024-45008", }, { category: "external", summary: "SUSE Bug 1230248 for CVE-2024-45008", url: "https://bugzilla.suse.com/1230248", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-45008", }, { cve: "CVE-2024-46673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46673", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46673", url: "https://www.suse.com/security/cve/CVE-2024-46673", }, { category: "external", summary: "SUSE Bug 1230506 for CVE-2024-46673", url: "https://bugzilla.suse.com/1230506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46673", }, { cve: "CVE-2024-46675", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46675", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Prevent USB core invalid event buffer address access\n\nThis commit addresses an issue where the USB core could access an\ninvalid event buffer address during runtime suspend, potentially causing\nSMMU faults and other memory issues in Exynos platforms. The problem\narises from the following sequence.\n 1. In dwc3_gadget_suspend, there is a chance of a timeout when\n moving the USB core to the halt state after clearing the\n run/stop bit by software.\n 2. In dwc3_core_exit, the event buffer is cleared regardless of\n the USB core's status, which may lead to an SMMU faults and\n other memory issues. if the USB core tries to access the event\n buffer address.\n\nTo prevent this hardware quirk on Exynos platforms, this commit ensures\nthat the event buffer address is not cleared by software when the USB\ncore is active during runtime suspend by checking its status before\nclearing the buffer address.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46675", url: "https://www.suse.com/security/cve/CVE-2024-46675", }, { category: "external", summary: "SUSE Bug 1230533 for CVE-2024-46675", url: "https://bugzilla.suse.com/1230533", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46675", }, { cve: "CVE-2024-46676", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46676", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n'if (!im_protocols && !tm_protocols)' in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev->poll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a \"bad\"\ncombination of protocol parameter values so that dev->poll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n nfc_start_poll()\n ->start_poll()\n pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46676", url: "https://www.suse.com/security/cve/CVE-2024-46676", }, { category: "external", summary: "SUSE Bug 1230535 for CVE-2024-46676", url: "https://bugzilla.suse.com/1230535", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46676", }, { cve: "CVE-2024-46677", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46677", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46677", url: "https://www.suse.com/security/cve/CVE-2024-46677", }, { category: "external", summary: "SUSE Bug 1230549 for CVE-2024-46677", url: "https://bugzilla.suse.com/1230549", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46677", }, { cve: "CVE-2024-46679", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46679", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: check device is present when getting link settings\n\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n\n [exception RIP: qed_get_current_link+17]\n #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\n\n crash> struct net_device.state ffff9a9d21336000\n state = 5,\n\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\n\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n(\"net-sysfs: add check for netdevice being present to speed_show\").\n\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon't have a device presence check.\n\nMove this check into ethtool to protect all callers.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46679", url: "https://www.suse.com/security/cve/CVE-2024-46679", }, { category: "external", summary: "SUSE Bug 1230556 for CVE-2024-46679", url: "https://bugzilla.suse.com/1230556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46679", }, { cve: "CVE-2024-46685", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46685", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46685", url: "https://www.suse.com/security/cve/CVE-2024-46685", }, { category: "external", summary: "SUSE Bug 1230515 for CVE-2024-46685", url: "https://bugzilla.suse.com/1230515", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46685", }, { cve: "CVE-2024-46686", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46686", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()\n\nThis happens when called from SMB2_read() while using rdma\nand reaching the rdma_readwrite_threshold.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46686", url: "https://www.suse.com/security/cve/CVE-2024-46686", }, { category: "external", summary: "SUSE Bug 1230517 for CVE-2024-46686", url: "https://bugzilla.suse.com/1230517", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46686", }, { cve: "CVE-2024-46702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46702", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Mark XDomain as unplugged when router is removed\n\nI noticed that when we do discrete host router NVM upgrade and it gets\nhot-removed from the PCIe side as a result of NVM firmware authentication,\nif there is another host connected with enabled paths we hang in tearing\nthem down. This is due to fact that the Thunderbolt networking driver\nalso tries to cleanup the paths and ends up blocking in\ntb_disconnect_xdomain_paths() waiting for the domain lock.\n\nHowever, at this point we already cleaned the paths in tb_stop() so\nthere is really no need for tb_disconnect_xdomain_paths() to do that\nanymore. Furthermore it already checks if the XDomain is unplugged and\nbails out early so take advantage of that and mark the XDomain as\nunplugged when we remove the parent router.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46702", url: "https://www.suse.com/security/cve/CVE-2024-46702", }, { category: "external", summary: "SUSE Bug 1230589 for CVE-2024-46702", url: "https://bugzilla.suse.com/1230589", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46702", }, { cve: "CVE-2024-46707", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46707", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3\n\nOn a system with a GICv3, if a guest hasn't been configured with\nGICv3 and that the host is not capable of GICv2 emulation,\na write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.\n\nWe therefore try to emulate the SGI access, only to hit a NULL\npointer as no private interrupt is allocated (no GIC, remember?).\n\nThe obvious fix is to give the guest what it deserves, in the\nshape of a UNDEF exception.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46707", url: "https://www.suse.com/security/cve/CVE-2024-46707", }, { category: "external", summary: "SUSE Bug 1230582 for CVE-2024-46707", url: "https://bugzilla.suse.com/1230582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46707", }, { cve: "CVE-2024-46714", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46714", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip wbscl_set_scaler_filter if filter is null\n\nCallers can pass null in filter (i.e. from returned from the function\nwbscl_get_filter_coeffs_16p) and a null check is added to ensure that is\nnot the case.\n\nThis fixes 4 NULL_RETURNS issues reported by Coverity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46714", url: "https://www.suse.com/security/cve/CVE-2024-46714", }, { category: "external", summary: "SUSE Bug 1230699 for CVE-2024-46714", url: "https://bugzilla.suse.com/1230699", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46714", }, { cve: "CVE-2024-46715", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46715", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236] vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46715", url: "https://www.suse.com/security/cve/CVE-2024-46715", }, { category: "external", summary: "SUSE Bug 1230700 for CVE-2024-46715", url: "https://bugzilla.suse.com/1230700", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46715", }, { cve: "CVE-2024-46717", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46717", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46717", url: "https://www.suse.com/security/cve/CVE-2024-46717", }, { category: "external", summary: "SUSE Bug 1230719 for CVE-2024-46717", url: "https://bugzilla.suse.com/1230719", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46717", }, { cve: "CVE-2024-46720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46720", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46720", url: "https://www.suse.com/security/cve/CVE-2024-46720", }, { category: "external", summary: "SUSE Bug 1230724 for CVE-2024-46720", url: "https://bugzilla.suse.com/1230724", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46720", }, { cve: "CVE-2024-46721", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46721", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix possible NULL pointer dereference\n\nprofile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made\nfrom __create_missing_ancestors(..) and 'ent->old' is NULL in\naa_replace_profiles(..).\nIn that case, it must return an error code and the code, -ENOENT represents\nits state that the path of its parent is not existed yet.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000030\nPGD 0 P4D 0\nPREEMPT SMP PTI\nCPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n ? show_regs+0x6d/0x80\n ? __die+0x24/0x80\n ? page_fault_oops+0x99/0x1b0\n ? kernelmode_fixup_or_oops+0xb2/0x140\n ? __bad_area_nosemaphore+0x1a5/0x2c0\n ? find_vma+0x34/0x60\n ? bad_area_nosemaphore+0x16/0x30\n ? do_user_addr_fault+0x2a2/0x6b0\n ? exc_page_fault+0x83/0x1b0\n ? asm_exc_page_fault+0x27/0x30\n ? aafs_create.constprop.0+0x7f/0x130\n ? aafs_create.constprop.0+0x51/0x130\n __aafs_profile_mkdir+0x3d6/0x480\n aa_replace_profiles+0x83f/0x1270\n policy_update+0xe3/0x180\n profile_load+0xbc/0x150\n ? rw_verify_area+0x47/0x140\n vfs_write+0x100/0x480\n ? __x64_sys_openat+0x55/0xa0\n ? syscall_exit_to_user_mode+0x86/0x260\n ksys_write+0x73/0x100\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x7e/0x25c0\n do_syscall_64+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7be9f211c574\nCode: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\nRSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574\nRDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004\nRBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000\nR10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80\nR13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30\n </TASK>\nModules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas\nCR2: 0000000000000030\n---[ end trace 0000000000000000 ]---\nRIP: 0010:aafs_create.constprop.0+0x7f/0x130\nCode: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae\nRSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46721", url: "https://www.suse.com/security/cve/CVE-2024-46721", }, { category: "external", summary: "SUSE Bug 1230710 for CVE-2024-46721", url: "https://bugzilla.suse.com/1230710", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46721", }, { cve: "CVE-2024-46722", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46722", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix mc_data out-of-bounds read warning\n\nClear warning that read mc_data[i-1] may out-of-bounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46722", url: "https://www.suse.com/security/cve/CVE-2024-46722", }, { category: "external", summary: "SUSE Bug 1230712 for CVE-2024-46722", url: "https://bugzilla.suse.com/1230712", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46722", }, { cve: "CVE-2024-46723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46723", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ucode out-of-bounds read warning\n\nClear warning that read ucode[] may out-of-bounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46723", url: "https://www.suse.com/security/cve/CVE-2024-46723", }, { category: "external", summary: "SUSE Bug 1230702 for CVE-2024-46723", url: "https://bugzilla.suse.com/1230702", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46723", }, { cve: "CVE-2024-46727", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46727", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46727", url: "https://www.suse.com/security/cve/CVE-2024-46727", }, { category: "external", summary: "SUSE Bug 1230707 for CVE-2024-46727", url: "https://bugzilla.suse.com/1230707", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46727", }, { cve: "CVE-2024-46731", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46731", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix the Out-of-bounds read warning\n\nusing index i - 1U may beyond element index\nfor mc_data[] when i = 0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46731", url: "https://www.suse.com/security/cve/CVE-2024-46731", }, { category: "external", summary: "SUSE Bug 1230709 for CVE-2024-46731", url: "https://bugzilla.suse.com/1230709", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46731", }, { cve: "CVE-2024-46737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46737", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix kernel crash if commands allocation fails\n\nIf the commands allocation fails in nvmet_tcp_alloc_cmds()\nthe kernel crashes in nvmet_tcp_release_queue_work() because of\na NULL pointer dereference.\n\n nvmet: failed to install queue 0 cntlid 1 ret 6\n Unable to handle kernel NULL pointer dereference at\n virtual address 0000000000000008\n\nFix the bug by setting queue->nr_cmds to zero in case\nnvmet_tcp_alloc_cmd() fails.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46737", url: "https://www.suse.com/security/cve/CVE-2024-46737", }, { category: "external", summary: "SUSE Bug 1230730 for CVE-2024-46737", url: "https://bugzilla.suse.com/1230730", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46737", }, { cve: "CVE-2024-46738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46738", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix use-after-free when removing resource in vmci_resource_remove()\n\nWhen removing a resource from vmci_resource_table in\nvmci_resource_remove(), the search is performed using the resource\nhandle by comparing context and resource fields.\n\nIt is possible though to create two resources with different types\nbut same handle (same context and resource fields).\n\nWhen trying to remove one of the resources, vmci_resource_remove()\nmay not remove the intended one, but the object will still be freed\nas in the case of the datagram type in vmci_datagram_destroy_handle().\nvmci_resource_table will still hold a pointer to this freed resource\nleading to a use-after-free vulnerability.\n\nBUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\nBUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\nRead of size 4 at addr ffff88801c16d800 by task syz-executor197/1592\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106\n print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239\n __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425\n kasan_report+0x38/0x51 mm/kasan/report.c:442\n vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]\n vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147\n vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182\n ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444\n kref_put include/linux/kref.h:65 [inline]\n vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]\n vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195\n vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143\n __fput+0x261/0xa34 fs/file_table.c:282\n task_work_run+0xf0/0x194 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187\n exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220\n __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]\n syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313\n do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x6e/0x0\n\nThis change ensures the type is also checked when removing\nthe resource from vmci_resource_table in vmci_resource_remove().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46738", url: "https://www.suse.com/security/cve/CVE-2024-46738", }, { category: "external", summary: "SUSE Bug 1230731 for CVE-2024-46738", url: "https://bugzilla.suse.com/1230731", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "important", }, ], title: "CVE-2024-46738", }, { cve: "CVE-2024-46739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46739", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind\n\nFor primary VM Bus channels, primary_channel pointer is always NULL. This\npointer is valid only for the secondary channels. Also, rescind callback\nis meant for primary channels only.\n\nFix NULL pointer dereference by retrieving the device_obj from the parent\nfor the primary channel.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46739", url: "https://www.suse.com/security/cve/CVE-2024-46739", }, { category: "external", summary: "SUSE Bug 1230732 for CVE-2024-46739", url: "https://bugzilla.suse.com/1230732", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "important", }, ], title: "CVE-2024-46739", }, { cve: "CVE-2024-46743", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46743", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nof/irq: Prevent device address out-of-bounds read in interrupt map walk\n\nWhen of_irq_parse_raw() is invoked with a device address smaller than\nthe interrupt parent node (from #address-cells property), KASAN detects\nthe following out-of-bounds read when populating the initial match table\n(dyndbg=\"func of_irq_parse_* +p\"):\n\n OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0\n OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2\n OF: intspec=4\n OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2\n OF: -> addrsize=3\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0\n Read of size 4 at addr ffffff81beca5608 by task bash/764\n\n CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1\n Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023\n Call trace:\n dump_backtrace+0xdc/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0x6c/0x84\n print_report+0x150/0x448\n kasan_report+0x98/0x140\n __asan_load4+0x78/0xa0\n of_irq_parse_raw+0x2b8/0x8d0\n of_irq_parse_one+0x24c/0x270\n parse_interrupts+0xc0/0x120\n of_fwnode_add_links+0x100/0x2d0\n fw_devlink_parse_fwtree+0x64/0xc0\n device_add+0xb38/0xc30\n of_device_add+0x64/0x90\n of_platform_device_create_pdata+0xd0/0x170\n of_platform_bus_create+0x244/0x600\n of_platform_notify+0x1b0/0x254\n blocking_notifier_call_chain+0x9c/0xd0\n __of_changeset_entry_notify+0x1b8/0x230\n __of_changeset_apply_notify+0x54/0xe4\n of_overlay_fdt_apply+0xc04/0xd94\n ...\n\n The buggy address belongs to the object at ffffff81beca5600\n which belongs to the cache kmalloc-128 of size 128\n The buggy address is located 8 bytes inside of\n 128-byte region [ffffff81beca5600, ffffff81beca5680)\n\n The buggy address belongs to the physical page:\n page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4\n head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0\n flags: 0x8000000000010200(slab|head|zone=2)\n raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300\n raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\n ==================================================================\n OF: -> got it !\n\nPrevent the out-of-bounds read by copying the device address into a\nbuffer of sufficient size.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46743", url: "https://www.suse.com/security/cve/CVE-2024-46743", }, { category: "external", summary: "SUSE Bug 1230756 for CVE-2024-46743", url: "https://bugzilla.suse.com/1230756", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46743", }, { cve: "CVE-2024-46744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46744", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: sanity check symbolic link size\n\nSyzkiller reports a \"KMSAN: uninit-value in pick_link\" bug.\n\nThis is caused by an uninitialised page, which is ultimately caused\nby a corrupted symbolic link size read from disk.\n\nThe reason why the corrupted symlink size causes an uninitialised\npage is due to the following sequence of events:\n\n1. squashfs_read_inode() is called to read the symbolic\n link from disk. This assigns the corrupted value\n 3875536935 to inode->i_size.\n\n2. Later squashfs_symlink_read_folio() is called, which assigns\n this corrupted value to the length variable, which being a\n signed int, overflows producing a negative number.\n\n3. The following loop that fills in the page contents checks that\n the copied bytes is less than length, which being negative means\n the loop is skipped, producing an uninitialised page.\n\nThis patch adds a sanity check which checks that the symbolic\nlink size is not larger than expected.\n\n--\n\nV2: fix spelling mistake.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46744", url: "https://www.suse.com/security/cve/CVE-2024-46744", }, { category: "external", summary: "SUSE Bug 1230747 for CVE-2024-46744", url: "https://bugzilla.suse.com/1230747", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46744", }, { cve: "CVE-2024-46745", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46745", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46745", url: "https://www.suse.com/security/cve/CVE-2024-46745", }, { category: "external", summary: "SUSE Bug 1230748 for CVE-2024-46745", url: "https://bugzilla.suse.com/1230748", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46745", }, { cve: "CVE-2024-46746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46746", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: free driver_data after destroying hid device\n\nHID driver callbacks aren't called anymore once hid_destroy_device() has\nbeen called. Hence, hid driver_data should be freed only after the\nhid_destroy_device() function returned as driver_data is used in several\ncallbacks.\n\nI observed a crash with kernel 6.10.0 on my T14s Gen 3, after enabling\nKASAN to debug memory allocation, I got this output:\n\n [ 13.050438] ==================================================================\n [ 13.054060] BUG: KASAN: slab-use-after-free in amd_sfh_get_report+0x3ec/0x530 [amd_sfh]\n [ 13.054809] psmouse serio1: trackpoint: Synaptics TrackPoint firmware: 0x02, buttons: 3/3\n [ 13.056432] Read of size 8 at addr ffff88813152f408 by task (udev-worker)/479\n\n [ 13.060970] CPU: 5 PID: 479 Comm: (udev-worker) Not tainted 6.10.0-arch1-2 #1 893bb55d7f0073f25c46adbb49eb3785fefd74b0\n [ 13.063978] Hardware name: LENOVO 21CQCTO1WW/21CQCTO1WW, BIOS R22ET70W (1.40 ) 03/21/2024\n [ 13.067860] Call Trace:\n [ 13.069383] input: TPPS/2 Synaptics TrackPoint as /devices/platform/i8042/serio1/input/input8\n [ 13.071486] <TASK>\n [ 13.071492] dump_stack_lvl+0x5d/0x80\n [ 13.074870] snd_hda_intel 0000:33:00.6: enabling device (0000 -> 0002)\n [ 13.078296] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.082199] print_report+0x174/0x505\n [ 13.085776] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 13.089367] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.093255] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.097464] kasan_report+0xc8/0x150\n [ 13.101461] ? amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.105802] amd_sfh_get_report+0x3ec/0x530 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.110303] amdtp_hid_request+0xb8/0x110 [amd_sfh 05f43221435b5205f734cd9da29399130f398a38]\n [ 13.114879] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.119450] sensor_hub_get_feature+0x1d3/0x540 [hid_sensor_hub 3f13be3016ff415bea03008d45d99da837ee3082]\n [ 13.124097] hid_sensor_parse_common_attributes+0x4d0/0xad0 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n [ 13.127404] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.131925] ? __pfx_hid_sensor_parse_common_attributes+0x10/0x10 [hid_sensor_iio_common c3a5cbe93969c28b122609768bbe23efe52eb8f5]\n [ 13.136455] ? _raw_spin_lock_irqsave+0x96/0xf0\n [ 13.140197] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 13.143602] ? devm_iio_device_alloc+0x34/0x50 [industrialio 3d261d5e5765625d2b052be40e526d62b1d2123b]\n [ 13.147234] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.150446] ? __devm_add_action+0x167/0x1d0\n [ 13.155061] hid_gyro_3d_probe+0x120/0x7f0 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n [ 13.158581] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.161814] platform_probe+0xa2/0x150\n [ 13.165029] really_probe+0x1e3/0x8a0\n [ 13.168243] __driver_probe_device+0x18c/0x370\n [ 13.171500] driver_probe_device+0x4a/0x120\n [ 13.175000] __driver_attach+0x190/0x4a0\n [ 13.178521] ? __pfx___driver_attach+0x10/0x10\n [ 13.181771] bus_for_each_dev+0x106/0x180\n [ 13.185033] ? __pfx__raw_spin_lock+0x10/0x10\n [ 13.188229] ? __pfx_bus_for_each_dev+0x10/0x10\n [ 13.191446] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.194382] bus_add_driver+0x29e/0x4d0\n [ 13.197328] driver_register+0x1a5/0x360\n [ 13.200283] ? __pfx_hid_gyro_3d_platform_driver_init+0x10/0x10 [hid_sensor_gyro_3d 63da36a143b775846ab2dbb86c343b401b5e3172]\n [ 13.203362] do_one_initcall+0xa7/0x380\n [ 13.206432] ? __pfx_do_one_initcall+0x10/0x10\n [ 13.210175] ? srso_alias_return_thunk+0x5/0xfbef5\n [ 13.213211] ? kasan_unpoison+0x44/0x70\n [ 13.216688] do_init_module+0x238/0x750\n [ 13.2196\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46746", url: "https://www.suse.com/security/cve/CVE-2024-46746", }, { category: "external", summary: "SUSE Bug 1230751 for CVE-2024-46746", url: "https://bugzilla.suse.com/1230751", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46746", }, { cve: "CVE-2024-46747", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46747", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup\n\nreport_fixup for the Cougar 500k Gaming Keyboard was not verifying\nthat the report descriptor size was correct before accessing it", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46747", url: "https://www.suse.com/security/cve/CVE-2024-46747", }, { category: "external", summary: "SUSE Bug 1230752 for CVE-2024-46747", url: "https://bugzilla.suse.com/1230752", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46747", }, { cve: "CVE-2024-46750", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46750", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Add missing bridge lock to pci_bus_lock()\n\nOne of the true positives that the cfg_access_lock lockdep effort\nidentified is this sequence:\n\n WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70\n RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70\n Call Trace:\n <TASK>\n ? __warn+0x8c/0x190\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n ? report_bug+0x1f8/0x200\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? pci_bridge_secondary_bus_reset+0x5d/0x70\n pci_reset_bus+0x1d8/0x270\n vmd_probe+0x778/0xa10\n pci_device_probe+0x95/0x120\n\nWhere pci_reset_bus() users are triggering unlocked secondary bus resets.\nIronically pci_bus_reset(), several calls down from pci_reset_bus(), uses\npci_bus_lock() before issuing the reset which locks everything *but* the\nbridge itself.\n\nFor the same motivation as adding:\n\n bridge = pci_upstream_bridge(dev);\n if (bridge)\n pci_dev_lock(bridge);\n\nto pci_reset_function() for the \"bus\" and \"cxl_bus\" reset cases, add\npci_dev_lock() for @bus->self to pci_bus_lock().\n\n[bhelgaas: squash in recursive locking deadlock fix from Keith Busch:\nhttps://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46750", url: "https://www.suse.com/security/cve/CVE-2024-46750", }, { category: "external", summary: "SUSE Bug 1230783 for CVE-2024-46750", url: "https://bugzilla.suse.com/1230783", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46750", }, { cve: "CVE-2024-46753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46753", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46753", url: "https://www.suse.com/security/cve/CVE-2024-46753", }, { category: "external", summary: "SUSE Bug 1230796 for CVE-2024-46753", url: "https://bugzilla.suse.com/1230796", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46753", }, { cve: "CVE-2024-46759", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46759", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46759", url: "https://www.suse.com/security/cve/CVE-2024-46759", }, { category: "external", summary: "SUSE Bug 1230814 for CVE-2024-46759", url: "https://bugzilla.suse.com/1230814", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "low", }, ], title: "CVE-2024-46759", }, { cve: "CVE-2024-46761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46761", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\npci/hotplug/pnv_php: Fix hotplug driver crash on Powernv\n\nThe hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel\ncrash when we try to hot-unplug/disable the PCIe switch/bridge from\nthe PHB.\n\nThe crash occurs because although the MSI data structure has been\nreleased during disable/hot-unplug path and it has been assigned\nwith NULL, still during unregistration the code was again trying to\nexplicitly disable the MSI which causes the NULL pointer dereference and\nkernel crash.\n\nThe patch fixes the check during unregistration path to prevent invoking\npci_disable_msi/msix() since its data structure is already freed.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46761", url: "https://www.suse.com/security/cve/CVE-2024-46761", }, { category: "external", summary: "SUSE Bug 1230761 for CVE-2024-46761", url: "https://bugzilla.suse.com/1230761", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46761", }, { cve: "CVE-2024-46770", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46770", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 > /sys/class/net/<interface>/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c <interface>\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n<TASK>\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute an\nethtool command during reset will result in the following message:\n\n netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46770", url: "https://www.suse.com/security/cve/CVE-2024-46770", }, { category: "external", summary: "SUSE Bug 1230763 for CVE-2024-46770", url: "https://bugzilla.suse.com/1230763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46770", }, { cve: "CVE-2024-46772", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46772", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46772", url: "https://www.suse.com/security/cve/CVE-2024-46772", }, { category: "external", summary: "SUSE Bug 1230772 for CVE-2024-46772", url: "https://bugzilla.suse.com/1230772", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46772", }, { cve: "CVE-2024-46773", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46773", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator pbn_div before used\n\n[WHAT & HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46773", url: "https://www.suse.com/security/cve/CVE-2024-46773", }, { category: "external", summary: "SUSE Bug 1230791 for CVE-2024-46773", url: "https://bugzilla.suse.com/1230791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46773", }, { cve: "CVE-2024-46774", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46774", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()\n\nSmatch warns:\n\n arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential\n spectre issue 'args.args' [r] (local cap)\n\nThe 'nargs' and 'nret' locals come directly from a user-supplied\nbuffer and are used as indexes into a small stack-based array and as\ninputs to copy_to_user() after they are subject to bounds checks.\n\nUse array_index_nospec() after the bounds checks to clamp these values\nfor speculative execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46774", url: "https://www.suse.com/security/cve/CVE-2024-46774", }, { category: "external", summary: "SUSE Bug 1230767 for CVE-2024-46774", url: "https://bugzilla.suse.com/1230767", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46774", }, { cve: "CVE-2024-46778", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46778", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check UnboundedRequestEnabled's value\n\nCalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled\nis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus\nif (p->UnboundedRequestEnabled) checks its address, not bool value.\n\nThis fixes 1 REVERSE_INULL issue reported by Coverity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46778", url: "https://www.suse.com/security/cve/CVE-2024-46778", }, { category: "external", summary: "SUSE Bug 1230776 for CVE-2024-46778", url: "https://bugzilla.suse.com/1230776", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46778", }, { cve: "CVE-2024-46783", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46783", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: fix return value of tcp_bpf_sendmsg()\n\nWhen we cork messages in psock->cork, the last message triggers the\nflushing will result in sending a sk_msg larger than the current\nmessage size. In this case, in tcp_bpf_send_verdict(), 'copied' becomes\nnegative at least in the following case:\n\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta); // <==== HERE\n473 return -EACCES;\n\nTherefore, it could lead to the following BUG with a proper value of\n'copied' (thanks to syzbot). We should not use negative 'copied' as a\nreturn value here.\n\n ------------[ cut here ]------------\n kernel BUG at net/socket.c:733!\n Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n Modules linked in:\n CPU: 0 UID: 0 PID: 3265 Comm: syz-executor510 Not tainted 6.11.0-rc3-syzkaller-00060-gd07b43284ab3 #0\n Hardware name: linux,dummy-virt (DT)\n pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : sock_sendmsg_nosec net/socket.c:733 [inline]\n pc : sock_sendmsg_nosec net/socket.c:728 [inline]\n pc : __sock_sendmsg+0x5c/0x60 net/socket.c:745\n lr : sock_sendmsg_nosec net/socket.c:730 [inline]\n lr : __sock_sendmsg+0x54/0x60 net/socket.c:745\n sp : ffff800088ea3b30\n x29: ffff800088ea3b30 x28: fbf00000062bc900 x27: 0000000000000000\n x26: ffff800088ea3bc0 x25: ffff800088ea3bc0 x24: 0000000000000000\n x23: f9f00000048dc000 x22: 0000000000000000 x21: ffff800088ea3d90\n x20: f9f00000048dc000 x19: ffff800088ea3d90 x18: 0000000000000001\n x17: 0000000000000000 x16: 0000000000000000 x15: 000000002002ffaf\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: ffff8000815849c0 x9 : ffff8000815b49c0\n x8 : 0000000000000000 x7 : 000000000000003f x6 : 0000000000000000\n x5 : 00000000000007e0 x4 : fff07ffffd239000 x3 : fbf00000062bc900\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 00000000fffffdef\n Call trace:\n sock_sendmsg_nosec net/socket.c:733 [inline]\n __sock_sendmsg+0x5c/0x60 net/socket.c:745\n ____sys_sendmsg+0x274/0x2ac net/socket.c:2597\n ___sys_sendmsg+0xac/0x100 net/socket.c:2651\n __sys_sendmsg+0x84/0xe0 net/socket.c:2680\n __do_sys_sendmsg net/socket.c:2689 [inline]\n __se_sys_sendmsg net/socket.c:2687 [inline]\n __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2687\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49\n el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151\n el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598\n Code: f9404463 d63f0060 3108441f 54fffe81 (d4210000)\n ---[ end trace 0000000000000000 ]---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46783", url: "https://www.suse.com/security/cve/CVE-2024-46783", }, { category: "external", summary: "SUSE Bug 1230810 for CVE-2024-46783", url: "https://bugzilla.suse.com/1230810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46783", }, { cve: "CVE-2024-46784", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46784", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n ? page_counter_cancel+0x2e/0x80\n ? do_user_addr_fault+0x2f2/0x640\n ? refill_obj_stock+0xc4/0x110\n ? exc_page_fault+0x71/0x160\n ? asm_exc_page_fault+0x27/0x30\n ? __mmdrop+0x10/0x180\n ? __mmdrop+0xec/0x180\n ? hrtimer_active+0xd/0x50\n hrtimer_try_to_cancel+0x2c/0xf0\n hrtimer_cancel+0x15/0x30\n napi_disable+0x65/0x90\n mana_destroy_rxq+0x4c/0x2f0\n mana_create_rxq.isra.0+0x56c/0x6d0\n ? mana_uncfg_vport+0x50/0x50\n mana_alloc_queues+0x21b/0x320\n ? skb_dequeue+0x5f/0x80", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46784", url: "https://www.suse.com/security/cve/CVE-2024-46784", }, { category: "external", summary: "SUSE Bug 1230771 for CVE-2024-46784", url: "https://bugzilla.suse.com/1230771", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46784", }, { cve: "CVE-2024-46787", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46787", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series \"userfaultfd: fix races around pmd_trans_huge() check\", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n the right two race windows) - I've tested this in a kernel build with\n some extra mdelay() calls. See the commit message for a description\n of the race scenario.\n On older kernels (before 6.5), I think the same bug can even\n theoretically lead to accessing transhuge page contents as a page table\n if you hit the right 5 narrow race windows (I haven't tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n detecting PMDs that don't point to page tables.\n On older kernels (before 6.5), you'd just have to win a single fairly\n wide race to hit this.\n I've tested this on 6.1 stable by racing migration (with a mdelay()\n patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n VM, that causes a kernel oops in ptlock_ptr().\n3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n to yank page tables out from under us (though I haven't tested that),\n so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n mfill_atomic other thread\n ============ ============\n <zap PMD>\n pmdp_get_lockless() [reads none pmd]\n <bail if trans_huge>\n <if none:>\n <pagefault creates transhuge zeropage>\n __pte_alloc [no-op]\n <zap PMD>\n <bail if pmd_trans_huge(*dst_pmd)>\n BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b (\"mm/pgtable: allow\npte_offset_map[_lock]() to fail\"), this can't lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there is no \"struct page\" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding \"struct page\" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn't crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that's redundant, we're going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46787", url: "https://www.suse.com/security/cve/CVE-2024-46787", }, { category: "external", summary: "SUSE Bug 1230815 for CVE-2024-46787", url: "https://bugzilla.suse.com/1230815", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46787", }, { cve: "CVE-2024-46822", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46822", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry\n\nIn a review discussion of the changes to support vCPU hotplug where\na check was added on the GICC being enabled if was online, it was\nnoted that there is need to map back to the cpu and use that to index\ninto a cpumask. As such, a valid ID is needed.\n\nIf an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible\nfor the entry in cpu_madt_gicc[cpu] == NULL. This function would\nthen cause a NULL pointer dereference. Whilst a path to trigger\nthis has not been established, harden this caller against the\npossibility.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46822", url: "https://www.suse.com/security/cve/CVE-2024-46822", }, { category: "external", summary: "SUSE Bug 1231120 for CVE-2024-46822", url: "https://bugzilla.suse.com/1231120", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46822", }, { cve: "CVE-2024-46853", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46853", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: nxp-fspi: fix the KASAN report out-of-bounds bug\n\nChange the memcpy length to fix the out-of-bounds issue when writing the\ndata that is not 4 byte aligned to TX FIFO.\n\nTo reproduce the issue, write 3 bytes data to NOR chip.\n\ndd if=3b of=/dev/mtd0\n[ 36.926103] ==================================================================\n[ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455\n[ 36.946721]\n[ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070\n[ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT)\n[ 36.961260] Call trace:\n[ 36.963723] dump_backtrace+0x90/0xe8\n[ 36.967414] show_stack+0x18/0x24\n[ 36.970749] dump_stack_lvl+0x78/0x90\n[ 36.974451] print_report+0x114/0x5cc\n[ 36.978151] kasan_report+0xa4/0xf0\n[ 36.981670] __asan_report_load_n_noabort+0x1c/0x28\n[ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838\n[ 36.990800] spi_mem_exec_op+0x8ec/0xd30\n[ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0\n[ 36.999323] spi_mem_dirmap_write+0x238/0x32c\n[ 37.003710] spi_nor_write_data+0x220/0x374\n[ 37.007932] spi_nor_write+0x110/0x2e8\n[ 37.011711] mtd_write_oob_std+0x154/0x1f0\n[ 37.015838] mtd_write_oob+0x104/0x1d0\n[ 37.019617] mtd_write+0xb8/0x12c\n[ 37.022953] mtdchar_write+0x224/0x47c\n[ 37.026732] vfs_write+0x1e4/0x8c8\n[ 37.030163] ksys_write+0xec/0x1d0\n[ 37.033586] __arm64_sys_write+0x6c/0x9c\n[ 37.037539] invoke_syscall+0x6c/0x258\n[ 37.041327] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.046244] do_el0_svc+0x44/0x5c\n[ 37.049589] el0_svc+0x38/0x78\n[ 37.052681] el0t_64_sync_handler+0x13c/0x158\n[ 37.057077] el0t_64_sync+0x190/0x194\n[ 37.060775]\n[ 37.062274] Allocated by task 455:\n[ 37.065701] kasan_save_stack+0x2c/0x54\n[ 37.069570] kasan_save_track+0x20/0x3c\n[ 37.073438] kasan_save_alloc_info+0x40/0x54\n[ 37.077736] __kasan_kmalloc+0xa0/0xb8\n[ 37.081515] __kmalloc_noprof+0x158/0x2f8\n[ 37.085563] mtd_kmalloc_up_to+0x120/0x154\n[ 37.089690] mtdchar_write+0x130/0x47c\n[ 37.093469] vfs_write+0x1e4/0x8c8\n[ 37.096901] ksys_write+0xec/0x1d0\n[ 37.100332] __arm64_sys_write+0x6c/0x9c\n[ 37.104287] invoke_syscall+0x6c/0x258\n[ 37.108064] el0_svc_common.constprop.0+0x160/0x22c\n[ 37.112972] do_el0_svc+0x44/0x5c\n[ 37.116319] el0_svc+0x38/0x78\n[ 37.119401] el0t_64_sync_handler+0x13c/0x158\n[ 37.123788] el0t_64_sync+0x190/0x194\n[ 37.127474]\n[ 37.128977] The buggy address belongs to the object at ffff00081037c2a0\n[ 37.128977] which belongs to the cache kmalloc-8 of size 8\n[ 37.141177] The buggy address is located 0 bytes inside of\n[ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3)\n[ 37.153465]\n[ 37.154971] The buggy address belongs to the physical page:\n[ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c\n[ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)\n[ 37.175149] page_type: 0xfdffffff(slab)\n[ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000\n[ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000\n[ 37.194553] page dumped because: kasan: bad access detected\n[ 37.200144]\n[ 37.201647] Memory state around the buggy address:\n[ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc\n[ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc\n[ 37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc\n[ 37.228186] ^\n[ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 37.246962] ==============================================================\n---truncated---", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46853", url: "https://www.suse.com/security/cve/CVE-2024-46853", }, { category: "external", summary: "SUSE Bug 1231083 for CVE-2024-46853", url: "https://bugzilla.suse.com/1231083", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46853", }, { cve: "CVE-2024-46854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46854", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dpaa: Pad packets to ETH_ZLEN\n\nWhen sending packets under 60 bytes, up to three bytes of the buffer\nfollowing the data may be leaked. Avoid this by extending all packets to\nETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be\nreproduced by running\n\n\t$ ping -s 11 destination", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46854", url: "https://www.suse.com/security/cve/CVE-2024-46854", }, { category: "external", summary: "SUSE Bug 1231084 for CVE-2024-46854", url: "https://bugzilla.suse.com/1231084", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46854", }, { cve: "CVE-2024-46859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-46859", }, ], notes: [ { category: "general", text: "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\n\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\n\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\n\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\n\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-46859", url: "https://www.suse.com/security/cve/CVE-2024-46859", }, { category: "external", summary: "SUSE Bug 1231089 for CVE-2024-46859", url: "https://bugzilla.suse.com/1231089", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.203.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.203.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.203.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-09T09:43:40Z", details: "moderate", }, ], title: "CVE-2024-46859", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.