Overview

File _patchinfo of Package patchinfo.35624

<patchinfo incident="35624">
  <issue id="1196018" tracker="bnc">VUL-0: CVE-2022-28748: kernel-source: malicious hardware can cause a leak of kernel memory over the network by ax88179_178a devices</issue>
  <issue id="1196823" tracker="bnc">VUL-0:  CVE-2022-0854: kernel-source: swiotlb: fix info leak with DMA_FROM_DEVICE</issue>
  <issue id="1202346" tracker="bnc">VUL-0: CVE-2022-20368: kernel: slab-out-of-bounds access in packet_recvmsg()</issue>
  <issue id="1209636" tracker="bnc">VUL-0: CVE-2023-1582: kernel: Soft lockup occurred during __page_mapcount</issue>
  <issue id="1209799" tracker="bnc">sched/psi: Fix use-after-free in ep_remove_wait_queue()</issue>
  <issue id="1210629" tracker="bnc">VUL-0: CVE-2023-2176: kernel: Slab-out-of-bound read in compare_netdev_and_ip</issue>
  <issue id="1216834" tracker="bnc">L3: System crashing intermittent with OCFS2</issue>
  <issue id="1220185" tracker="bnc">VUL-0: CVE-2024-26583: kernel: tls: fix race between async notify and socket close</issue>
  <issue id="1220186" tracker="bnc">VUL-0: CVE-2024-26584: kernel: net: tls: handle backlogging of crypto requests</issue>
  <issue id="1222251" tracker="bnc">Btrfs balance failing, FS marked ROref:_00D1igLOd._500Tr80inh:ref</issue>
  <issue id="1222728" tracker="bnc">VUL-0: CVE-2024-26800: kernel: tls: use-after-free on failed backlog decryption</issue>
  <issue id="1223948" tracker="bnc">VUL-0: CVE-2022-48686: kernel: nvme-tcp: fix UAF when detecting digest errors</issue>
  <issue id="1225109" tracker="bnc">VUL-0: CVE-2023-52707: kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()</issue>
  <issue id="1225584" tracker="bnc">VUL-0: CVE-2023-52854: kernel: padata: Fix refcnt handling in padata_free_shell()</issue>
  <issue id="1227942" tracker="bnc">VUL-0: CVE-2022-48802: kernel: fs/proc: task_mmu.c: don't read mapcount for migration entry</issue>
  <issue id="1227969" tracker="bnc">VUL-0: CVE-2022-48805: kernel: net: usb: ax88179_178a: fix out-of-bounds accesses in RX fixup</issue>
  <issue id="1227985" tracker="bnc">VUL-0: CVE-2022-48839: kernel: net/packet: fix slab-out-of-bounds access in packet_recvmsg()</issue>
  <issue id="1228002" tracker="bnc">VUL-0: CVE-2022-48791: kernel: scsi: pm8001: Fix use-after-free for aborted TMF sas_task</issue>
  <issue id="1228015" tracker="bnc">VUL-0: CVE-2022-48853: kernel: swiotlb: fix info leak with DMA_FROM_DEVICE</issue>
  <issue id="1228114" tracker="bnc">VUL-0: CVE-2024-41011: kernel: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages</issue>
  <issue id="1228516" tracker="bnc">VUL-0: CVE-2024-42077: kernel: ocfs2: fix DIO failure due to insufficient transaction credits</issue>
  <issue id="1228576" tracker="bnc">VUL-0: CVE-2024-41062: kernel: bluetooth/l2cap: sync sock recv cb and release</issue>
  <issue id="1228959" tracker="bnc">VUL-0: CVE-2024-42232: kernel: libceph: fix race between delayed_work() and ceph_monc_stop()</issue>
  <issue id="1229400" tracker="bnc">VUL-0: CVE-2024-42271: kernel: net/iucv: fix use after free in iucv_sock_close()</issue>
  <issue id="1229454" tracker="bnc">fuse: Initialize beyond-EOF page contents before setting uptodate</issue>
  <issue id="1229500" tracker="bnc">VUL-0: CVE-2024-43861: kernel: net: usb: qmi_wwan: fix memory leak for not ip packets</issue>
  <issue id="1229503" tracker="bnc">VUL-0: CVE-2024-43882: kernel: exec: Fix ToCToU between perm check and set-uid/gid usage</issue>
  <issue id="1229510" tracker="bnc">VUL-0: CVE-2022-48872: kernel: misc: fastrpc: Fix use-after-free race condition for maps</issue>
  <issue id="1229512" tracker="bnc">VUL-0: CVE-2022-48873: kernel: misc: fastrpc: Don't remove map on creater_process and device_release</issue>
  <issue id="1229607" tracker="bnc">VUL-0: CVE-2022-48901: kernel: btrfs: do not start relocation until in progress drops are done</issue>
  <issue id="1229630" tracker="bnc">VUL-0: CVE-2022-48925: kernel: RDMA/cma: Do not change route.addr.src_addr outside state checks</issue>
  <issue id="1229641" tracker="bnc">VUL-0: CVE-2022-48912: kernel: netfilter: fix use-after-free in __nf_register_net_hook()</issue>
  <issue id="1229657" tracker="bnc">VUL-0: CVE-2022-48919: kernel: cifs: fix double free race when mount fails in cifs_get_root()</issue>
  <issue id="1229707" tracker="bnc">VUL-0: CVE-2024-43883: kernel: usb: vhci-hcd: do not drop references before new references are gained</issue>
  <issue id="2023-2176" tracker="cve" />
  <issue id="2022-48925" tracker="cve" />
  <issue id="2022-48901" tracker="cve" />
  <issue id="2024-41011" tracker="cve" />
  <issue id="2024-42077" tracker="cve" />
  <issue id="2023-1582" tracker="cve" />
  <issue id="2022-48802" tracker="cve" />
  <issue id="2022-20368" tracker="cve" />
  <issue id="2022-48839" tracker="cve" />
  <issue id="2022-28748" tracker="cve" />
  <issue id="2022-2964" tracker="cve" />
  <issue id="2022-48805" tracker="cve" />
  <issue id="2022-0854" tracker="cve" />
  <issue id="2022-48853" tracker="cve" />
  <issue id="2024-26583" tracker="cve" />
  <issue id="2024-26584" tracker="cve" />
  <issue id="2024-26800" tracker="cve" />
  <issue id="2022-48791" tracker="cve" />
  <issue id="2024-44947" tracker="cve" />
  <issue id="2022-48919" tracker="cve" />
  <issue id="2023-52854" tracker="cve" />
  <issue id="2024-43883" tracker="cve" />
  <issue id="2024-41062" tracker="cve" />
  <issue id="2024-43861" tracker="cve" />
  <issue id="2024-43882" tracker="cve" />
  <issue id="2022-48912" tracker="cve" />
  <issue id="2022-48872" tracker="cve" />
  <issue id="2022-48873" tracker="cve" />
  <issue id="2024-42271" tracker="cve" />
  <issue id="2024-42232" tracker="cve" />
  <issue id="2022-48686" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jdelvare</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).

The following non-security bugs were fixed:

- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)
</description>
	<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places