File _patchinfo of Package patchinfo.34563
<patchinfo incident="34563">
<issue id="1195775" tracker="bnc">apparmor fails to build with 5.16.7</issue>
<issue id="1216124" tracker="bnc">L3: system get stuck in boot due lpfc driver issue post 5.14.21-150400.24.63 kernel - ref:_00D1igLOd._5005qUvoAy:ref</issue>
<issue id="1218148" tracker="bnc">VUL-0: CVE-2023-24023: BLUFFS: kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses</issue>
<issue id="1219224" tracker="bnc">OCFS2 writes delay on large volumes - slow la window lookup from global_bitmap</issue>
<issue id="1220492" tracker="bnc">SLES15SP6 - kdump is failing over NFS configured over HNV device with IOMMU call traces</issue>
<issue id="1222015" tracker="bnc">L3: TSC clocksource spuriously declared invalid in 12+ socket Sapphire Rapids systems</issue>
<issue id="1222254" tracker="bnc">L3: Unresponsive /run/systemd/userdb/io.systemd.DynamicUser adding 45 second delay to su commands</issue>
<issue id="1222678" tracker="bnc">VUL-0: CVE-2024-26745: kernel: powerpc/pseries/iommu: NULL pointer exception when kdump over SR-IOV</issue>
<issue id="1223384" tracker="bnc">VUL-0: CVE-2024-26923: kernel: af_unix: fix garbage collector racing against connect()</issue>
<issue id="1224020" tracker="bnc">[TRACKERBUG] SLE15-SP5 backports for cifs.ko</issue>
<issue id="1224679" tracker="bnc">VUL-0: CVE-2024-35869: kernel: smb: client: guarantee refcounted children from parent session</issue>
<issue id="1224696" tracker="bnc">VUL-0: CVE-2023-52670: kernel: rpmsg: virtio: Free driver_override when rpmsg_remove()</issue>
<issue id="1224703" tracker="bnc">VUL-0: CVE-2024-35950: kernel: drm/client: Fully protect modes[] with dev->mode_config.mutex</issue>
<issue id="1224749" tracker="bnc">VUL-0: CVE-2024-35789: kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes</issue>
<issue id="1224764" tracker="bnc">VUL-0: CVE-2024-35862: kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted()</issue>
<issue id="1224765" tracker="bnc">VUL-0: CVE-2024-35864: kernel: smb: client: fix potential UAF in smb2_is_valid_lease_break()</issue>
<issue id="1224766" tracker="bnc">VUL-0: CVE-2024-35861: kernel: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()</issue>
<issue id="1224935" tracker="bnc">VUL-0: CVE-2023-52837: kernel: nbd: fix uaf in nbd_open</issue>
<issue id="1225098" tracker="bnc">VUL-0: CVE-2023-52846: kernel: hsr: Prevent use after free in prp_create_tagged_frame()</issue>
<issue id="1225467" tracker="bnc">VUL-0: CVE-2021-47555: kernel: net: vlan: fix underflow for the real_dev refcnt</issue>
<issue id="1225487" tracker="bnc">VUL-0: CVE-2023-52752: kernel: smb: client: fix use-after-free bug in cifs_debug_data_proc_show()</issue>
<issue id="1225518" tracker="bnc">VUL-0: CVE-2021-47571: kernel: staging: rtl8192e: fix use after free in _rtl92e_pci_disconnect()</issue>
<issue id="1225611" tracker="bnc">VUL-0: CVE-2023-52881: kernel: tcp: do not accept ACK of bytes we never sent</issue>
<issue id="1225732" tracker="bnc">VUL-0: CVE-2024-36904: kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().</issue>
<issue id="1225737" tracker="bnc">VUL-0: CVE-2024-36899: kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify</issue>
<issue id="1225749" tracker="bnc">VUL-0: CVE-2024-36894: kernel: usb: gadget: f_fs: fix race between aio_cancel() and AIO request complete</issue>
<issue id="1225840" tracker="bnc">VUL-0: CVE-2024-36940: kernel: pinctrl: core: delete incorrect free in pinctrl_enable()</issue>
<issue id="1225866" tracker="bnc">VUL-0: CVE-2024-36964: kernel: fs/9p: only translate RWX permissions for plain 9P2000</issue>
<issue id="1226145" tracker="bnc">VUL-0: CVE-2024-36971: kernel: fix __dst_negative_advice() race</issue>
<issue id="1226211" tracker="bnc">kernel-obs-build missing network modules for Docker build</issue>
<issue id="1226212" tracker="bnc">kernel-obs-build doesn't find "iso9660" when building containers with podman</issue>
<issue id="1226270" tracker="bnc">L3: vmcore (ppc64le) crash due to running out of memory left XFS fs corruption - RCA help requested</issue>
<issue id="1226587" tracker="bnc">VUL-0: CVE-2024-38541: kernel: of: module: add buffer overflow check in of_modalias()</issue>
<issue id="1226595" tracker="bnc">VUL-0: CVE-2024-38545: kernel: RDMA/hns: Fix UAF for cq async event</issue>
<issue id="1226634" tracker="bnc">VUL-0: CVE-2024-38578: kernel: ecryptfs: fix buffer size for tag 66 packet</issue>
<issue id="1226758" tracker="bnc">VUL-0: CVE-2024-38610: kernel: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()</issue>
<issue id="1226786" tracker="bnc">VUL-0: CVE-2024-38560: kernel: scsi: bfa: ensure the copied buf is NUL terminated</issue>
<issue id="1226789" tracker="bnc">VUL-0: CVE-2024-38564: kernel: bpf: add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE</issue>
<issue id="1226953" tracker="bnc">[CC][GPOS][SLEM] kernel: disable CONFIG_RANDOM_TRUST_BOOTLOADER</issue>
<issue id="1226962" tracker="bnc">TSC clocksource spuriously declared invalid in 12+ socket Sapphire Rapids systems</issue>
<issue id="1226785" tracker="bnc">VUL-0: CVE-2024-38559: kernel: scsi: qedf: ensure the copied buf is NUL terminated</issue>
<issue id="2024-26745" tracker="cve" />
<issue id="2023-52846" tracker="cve" />
<issue id="2024-36904" tracker="cve" />
<issue id="2023-52881" tracker="cve" />
<issue id="2024-35869" tracker="cve" />
<issue id="2024-38564" tracker="cve" />
<issue id="2024-38559" tracker="cve" />
<issue id="2024-38560" tracker="cve" />
<issue id="2024-38578" tracker="cve" />
<issue id="2024-38545" tracker="cve" />
<issue id="2023-52837" tracker="cve" />
<issue id="2024-38541" tracker="cve" />
<issue id="2024-36971" tracker="cve" />
<issue id="2024-35864" tracker="cve" />
<issue id="2024-35862" tracker="cve" />
<issue id="2024-35861" tracker="cve" />
<issue id="2023-52752" tracker="cve" />
<issue id="2024-36899" tracker="cve" />
<issue id="2023-52670" tracker="cve" />
<issue id="2024-35789" tracker="cve" />
<issue id="2024-36964" tracker="cve" />
<issue id="2024-36940" tracker="cve" />
<issue id="2021-47571" tracker="cve" />
<issue id="2021-47555" tracker="cve" />
<issue id="2023-24023" tracker="cve" />
<issue id="2024-36894" tracker="cve" />
<issue id="2024-35950" tracker="cve" />
<issue id="2024-26923" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>rhopkins</packager>
<reboot_needed/>
<description>The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert "build initrd without systemd" (bsc#1195775).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>