File _patchinfo of Package patchinfo.37379
<patchinfo incident="37379">
<issue id="1230697" tracker="bnc">VUL-0: CVE-2024-8805: kernel: BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability</issue>
<issue id="1231847" tracker="bnc">L3: performance degradation after kernel update from 5.3.18-150300.59.167 to 5.3.18-150300.59.170 - ref:_00D1igLOd._500TrKqPID:ref</issue>
<issue id="1233112" tracker="bnc">VUL-0: CVE-2024-50199: kernel: mm/swapfile: skip HugeTLB pages for unuse_vma</issue>
<issue id="1233642" tracker="bnc">VUL-0: CVE-2024-53095: kernel: smb: client: Fix use-after-free of network namespace.</issue>
<issue id="1234025" tracker="bnc">VUL-0: CVE-2024-53104: kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format</issue>
<issue id="1234690" tracker="bnc">VUL-0: CVE-2024-53144: kernel: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE</issue>
<issue id="1234884" tracker="bnc">VUL-0: CVE-2024-53166: kernel: block, bfq: fix bfqq uaf in bfq_limit_depth()</issue>
<issue id="1234896" tracker="bnc">VUL-0: CVE-2024-53177: kernel: smb: prevent use-after-free due to open_cached_dir error paths</issue>
<issue id="1234931" tracker="bnc">VUL-0: CVE-2024-56661: kernel: tipc: fix NULL deref in cleanup_bearer()</issue>
<issue id="1235134" tracker="bnc">VUL-0: CVE-2024-56645: kernel: can: j1939: j1939_session_new(): fix skb reference counting</issue>
<issue id="1235217" tracker="bnc">VUL-0: CVE-2024-56600: kernel: net: inet6: do not leave a dangling sk pointer in inet6_create()</issue>
<issue id="1235230" tracker="bnc">VUL-0: CVE-2024-56601: kernel: net: inet: do not leave a dangling sk pointer in inet_create()</issue>
<issue id="1235249" tracker="bnc">VUL-0: CVE-2024-56664: kernel: bpf, sockmap: fix race between element replace and close()</issue>
<issue id="1235430" tracker="bnc">VUL-0: CVE-2024-56650: kernel: netfilter: x_tables: fix LED ID check in led_tg_check()</issue>
<issue id="1235433" tracker="bnc">VUL-0: CVE-2024-56642: kernel: tipc: fix use-after-free of kernel socket in cleanup_bearer().</issue>
<issue id="1235441" tracker="bnc">VUL-0: CVE-2024-56658: kernel: net: defer final 'struct net' free in netns dismantle</issue>
<issue id="1235451" tracker="bnc">VUL-0: CVE-2024-56648: kernel: net: hsr: avoid potential out-of-bound access in fill_frame_info()</issue>
<issue id="1235466" tracker="bnc">VUL-0: CVE-2024-56623: kernel: scsi: qla2xxx: Fix use after free on unload</issue>
<issue id="1235480" tracker="bnc">VUL-0: CVE-2024-56631: kernel: scsi: sg: Fix slab-use-after-free read in sg_release()</issue>
<issue id="1235521" tracker="bnc">VUL-0: CVE-2024-56602: kernel: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()</issue>
<issue id="1235584" tracker="bnc">VUL-0: CVE-2024-56704: kernel: 9p/xen: fix release of IRQ</issue>
<issue id="1235645" tracker="bnc">VUL-0: CVE-2024-56759: kernel: btrfs: fix use-after-free when COWing tree bock and tracing is enabled</issue>
<issue id="1235723" tracker="bnc">VUL-0: CVE-2024-54680: kernel: smb: client: fix TCP timers deadlock after rmmod</issue>
<issue id="1235759" tracker="bnc">VUL-0: CVE-2024-57791: kernel: net/smc: check return value of sock_recvmsg when draining clc data</issue>
<issue id="1235764" tracker="bnc">VUL-0: CVE-2024-57792: kernel: power: supply: gpio-charger: fix set charge current limits</issue>
<issue id="1235814" tracker="bnc">VUL-0: CVE-2024-57849: kernel: s390/cpum_sf: handle CPU hotplug remove during sampling</issue>
<issue id="1235818" tracker="bnc">VUL-0: CVE-2024-57798: kernel: drm/dp_mst: ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()</issue>
<issue id="1235920" tracker="bnc">VUL-0: CVE-2024-57893: kernel: ALSA: seq: oss: fix races at processing SysEx messages</issue>
<issue id="1235969" tracker="bnc">VUL-0: CVE-2024-57897: kernel: drm/amdkfd: Correct the migration DMA map direction</issue>
<issue id="1236628" tracker="bnc">Partner-L3: Crashes on SP4 through SP6 in idpf</issue>
<issue id="2024-50199" tracker="cve" />
<issue id="2024-53095" tracker="cve" />
<issue id="2024-53104" tracker="cve" />
<issue id="2024-53144" tracker="cve" />
<issue id="2024-53166" tracker="cve" />
<issue id="2024-53177" tracker="cve" />
<issue id="2024-54680" tracker="cve" />
<issue id="2024-56600" tracker="cve" />
<issue id="2024-56601" tracker="cve" />
<issue id="2024-56602" tracker="cve" />
<issue id="2024-56623" tracker="cve" />
<issue id="2024-56631" tracker="cve" />
<issue id="2024-56642" tracker="cve" />
<issue id="2024-56645" tracker="cve" />
<issue id="2024-56648" tracker="cve" />
<issue id="2024-56650" tracker="cve" />
<issue id="2024-56658" tracker="cve" />
<issue id="2024-56661" tracker="cve" />
<issue id="2024-56664" tracker="cve" />
<issue id="2024-56704" tracker="cve" />
<issue id="2024-56759" tracker="cve" />
<issue id="2024-57791" tracker="cve" />
<issue id="2024-57792" tracker="cve" />
<issue id="2024-57798" tracker="cve" />
<issue id="2024-57849" tracker="cve" />
<issue id="2024-57893" tracker="cve" />
<issue id="2024-57897" tracker="cve" />
<issue id="2024-8805" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>alix82</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).

The following non-security bugs were fixed:

- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>