SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:18...

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel (bsc#1220394).
- CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bsc#1184509).
- CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
- CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration (bsc#1220416).
- CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression (bsc#1220418).
- CVE-2021-46909: Fixed PCI interrupt mapping in ARM footbridge (bsc#1220442).
- CVE-2021-46938: Fixed double free of blk_mq_tag_set in dev remove after table load fails (bsc#1220554).
- CVE-2021-46939: Fixed possible hung in trace_clock_global() (bsc#1220580).
- CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 (bsc#1220628).
- CVE-2021-46950: Fixed possible data corruption in md/raid1 when ending a failed write request (bsc#1220662).
- CVE-2021-46958: Fixed race between transaction aborts and fsyncs that could lead to use-after-free in btrfs (bsc#1220521).
- CVE-2021-46960: Fixed wrong error code from smb2_get_enc_key() (bsc#1220528).
- CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536).
- CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx (bsc#1220538).
- CVE-2021-46966: Fixed potential use-after-free issue in cm_write() (bsc#1220572).
- CVE-2021-46981: Fixed NULL pointer in flush_workqueue (bsc#1220611).
- CVE-2021-46988: Fixed possible crash in userfaultfd due to unreleased page (bsc#1220706).
- CVE-2021-46990: Fixed crashes when toggling entry flush barrier in powerpc/64s (bsc#1220743).
- CVE-2021-46998: Fixed a use after free bug in enic_hard_start_xmit() (bsc#1220625).
- CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
- CVE-2021-47015: Fixed RX consumer index logic in the error path in bnxt_en (bsc#1220794).
- CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket (bsc#1220637).
- CVE-2021-47034: Fixed resolved pte update for kernel memory on radix in powerpc/64s (bsc#1220687).
- CVE-2021-47045: Fixed null pointer dereference in lpfc_prep_els_iocb() (bsc#1220640).
- CVE-2021-47049: Fixed Use after free in __vmbus_open() (bsc#1220692).
- CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
- CVE-2021-47056: Fixed uninitialized lock in adf_vf2pf_shutdown() (bsc#1220769).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2021-47063: Fixed possible use-after-free in panel_bridge_detach() (bsc#1220777).
- CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
- CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
- CVE-2021-47071: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220846).
- CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
- CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
- CVE-2021-47114: Fixed data corruption by fallocate in ocfs2 (bsc#1221548).
- CVE-2021-47117: Fixed bug on in ext4_es_cache_extent() as ext4_split_extent_at() failed (bsc#1221575).
- CVE-2021-47118: Fixed possible use-after-free when initializing `cad_pid` (bsc#1221605).
- CVE-2021-47119: Fixed memory leak in ext4_fill_super() (bsc#1221608).
- CVE-2021-47138: Fixed possible out-of-bound memory access in cxgb4 when clearing filters (bsc#1221934).
- CVE-2021-47141: Fixed possible NULL pointer dereference when freeing irqs (bsc#1221949).
- CVE-2021-47142: Fixed a use-after-free in drm/amdgpu (bsc#1221952).
- CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add() (bsc#1221988).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
- CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
- CVE-2021-47166: Fixed possible corruptionb in nfs_do_recoalesce() (bsc#1221998).
- CVE-2021-47167: Fixed an Oopsable condition in __nfs_pageio_add_request() (bsc#1221991).
- CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() (bsc#1222002).
- CVE-2021-47169: Fixed possible NULL pointer dereference in serial/rp2 (bsc#1222000).
- CVE-2021-47171: Fixed memory leak in smsc75xx_bind() (bsc#1221994).
- CVE-2021-47173: Fixed memory leak in uss720_probe() (bsc#1221993).
- CVE-2021-47177: Fixed sysfs leak in alloc_iommu() (bsc#1221997).
- CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (bsc#1222001).
- CVE-2021-47180: Fixed memory leak in nci_allocate_device() (bsc#1221999).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c (bsc#1218220).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed use-after-free in kv_parse_power_table() (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#122041).
- CVE-2023-52474: Fixed bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests in hfi1 (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a NULL pointer dereference vulnerability in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed NULL Pointer Dereference vulnerability in /net/bluetooth/rfcomm/core.c (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in lpfc_unregister_fcf_rescan() function (bsc#1219618).
- CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000 xc4000_get_frequency() function (bsc#1219623).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
- CVE-2024-26993: Fixed a reference leak in sysfs_break_active_protection() (bsc#1223693)
- CVE-2023-52650: Added missing check for of_find_device_by_node() (bsc#1223770)
- CVE-2024-26948: Added a dc_state NULL check in dc_state_release (bsc#1223664)
- CVE-2024-27013: Limited printing rate when illegal packet received by tun dev (bsc#1223745).
- CVE-2024-27014: Prevented deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27046: Handled acti_netdevs allocation failure (bsc#1223827).
- CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append (bsc#1221977).
- CVE-2024-27072: Removed useless locks in usbtv_video_free() (bsc#1223837).
- CVE-2024-27075: Avoided stack overflow warnings with clang (bsc#1223842).
- CVE-2024-27073: Fixed a memory leak in budget_av_attach() (bsc#1223843).
- CVE-2024-27074: Fixed a memory leak in go7007_load_encoder() (bsc#1223844).
- CVE-2024-27078: Fixed a memory leak in tpg_alloc() (bsc#1223781).
- CVE-2023-52652: Fixed a possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2024-23848: Fixed a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c (bsc#1219104).
- CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x (bsc#1223049).
- CVE-2024-26817: Used calloc instead of kzalloc to avoid integer overflow (bsc#1222812)
- CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo() (bsc#1221972).
- CVE-2023-52620: Disallowed timeout for anonymous sets in nf_tables (bsc#1221825).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26878: Fixed potential NULL pointer dereference, related to dquots (bsc#1223060).
- CVE-2024-26901: Used kzalloc() to fix information leak in do_sys_name_to_handle() (bsc#1223198).
- CVE-2024-26671: Fixed an IO hang from sbitmap wakeup race in blk_mq_mark_tag_wait() (bsc#1222357).
- CVE-2024-26772: Avoided allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2023-52614: Fixed a buffer overflow in trans_stat_show() (bsc#1221617).
- CVE-2024-26855: Fixed a potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26857: Made sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26675: Limited MRU to 64K in ppp_async_ioctl() (bsc#1222379).
- CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
- CVE-2023-52488: Converted from _raw_ to _noinc_ regmap functions for FIFO in sc16is7xx (bsc#1221162).
- CVE-2024-26922: Validated the parameters of bo mapping operations more clearly (bsc#1223315).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
- CVE-2023-52635: Synchronized devfreq_monitor_[start/stop] for devfreq (bsc#1222294).
- CVE-2024-26883: Checked for integer overflow when using roundup_pow_of_two() (bsc#1223035).
- CVE-2024-26884: Fixed a bpf hashtab overflow check on 32-bit architectures (bsc#1223189).
- CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
- CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 (bsc#1222961).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
- CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
- CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
- CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Detections

Analytics

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)

high Nessus Plugin ID 198237

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information