SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:21...

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2184-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2021-47206: Check return value after calling platform_get_resource() (bsc#1222894).
- CVE-2021-47238: Fixed memory leak in ip_mc_add1_src (bsc#1224847)
- CVE-2021-47245: Fixed out of bounds when parsing TCP options (bsc#1224838)
- CVE-2021-47246: Fixed page reclaim for dead peer hairpin (CVE-2021-47246 bsc#1224831).
- CVE-2021-47249: Fixed memory leak in rds_recvmsg (bsc#1224880)
- CVE-2021-47250: Fixed memory leak in netlbl_cipsov4_add_std (bsc#1224827)
- CVE-2021-47265: Verify port when creating flow rule (bsc#1224957)
- CVE-2021-47277: Avoid speculation-based attacks from out-of-range memslot accesses (bsc#1224960).
- CVE-2021-47281: Fixed race of snd_seq_timer_open() (bsc#1224983).
- CVE-2021-47334: Fixed two use after free in ibmasm_init_one (bsc#1225112).
- CVE-2021-47352: Add validation for used length (bsc#1225124).
- CVE-2021-47355: Fixed possible use-after-free in nicstar_cleanup() (bsc#1225141).
- CVE-2021-47357: Fixed possible use-after-free in ia_module_exit() (bsc#1225144).
- CVE-2021-47361: Fixed error handling in mcb_alloc_bus() (bsc#1225151).
- CVE-2021-47362: Update intermediate power state for SI (bsc#1225153).
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47397: Break out if skb_header_pointer returns NULL in sctp_rcv_ootb (bsc#1225082)
- CVE-2021-47401: Fixed stack information leak (bsc#1225242).
- CVE-2021-47423: Fixed file release memory leak (bsc#1225366).
- CVE-2021-47431: Fixed gart.bo pin_count leak (bsc#1225390).
- CVE-2021-47469: Add SPI fix commit to be ignored (bsc#1225347)
- CVE-2021-47483: Fixed possible double-free in regcache_rbtree_exit() (bsc#1224907).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2021-47509: Limit the period size to 16MB (bsc#1225409).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48672: Fixed off-by-one error in unflatten_dt_nodes() (CVE-2022-48672 bsc#1223931).
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
- CVE-2022-48697: Fixed a use-after-free (bsc#1223922).
- CVE-2022-48702: Fixed out of bounds access in snd_emu10k1_pcm_channel_alloc() (bsc#1223923).
- CVE-2022-48704: Add a force flush to delay work when radeon (bsc#1223932)
- CVE-2022-48708: Fixed potential NULL dereference (bsc#1224942).
- CVE-2022-48710: Fixed a possible null pointer dereference (bsc#1225230).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52691: Fixed a double-free in si_dpm_init (bsc#1224607).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
- CVE-2023-52730: Fixed possible resource leaks in some error paths (bsc#1224956).
- CVE-2023-52732: Blocklist the kclient when receiving corrupted snap trace (bsc#1225222).
- CVE-2023-52747: Restore allocated resources on failed copyout (bsc#1224931)
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022).
- CVE-2023-52864: Fixed opening of char device (bsc#1225132).
- CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086).
- CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009).
- CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26846: Do not wait in vain when unloading module (bsc#1223023).
- CVE-2024-26874: Fixed a null pointer crash in (bsc#1223048)
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26957: Fixed reference counting on zcrypt card objects (bsc#1223666).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-26984: Fixed instmem race condition around ptr stores (bsc#1223633)
- CVE-2024-26996: Fixed UAF ncm object at re-bind after usb ep transport error (bsc#1223752).
- CVE-2024-27008: Fixed out of bounds access (CVE-2024-27008 bsc#1223802).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27436: Stop parsing channels bits when all channels are found (bsc#1224803).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35809: Drain runtime-idle callbacks before driver removal (bsc#1224738).
- CVE-2024-35830: Register v4l2 async device only after successful setup (bsc#1224680).
- CVE-2024-35849: Fixed information leak in btrfs_ioctl_logical_to_ino() (bsc#1224733).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35887: Fixed use-after-free bugs caused by ax25_ds_del_timer (bsc#1224663)
- CVE-2024-35932: Do not check if plane->state->fb == state->fb (bsc#1224650).
- CVE-2024-35935: Handle path ref underflow in header iterate_inode_ref() (bsc#1224645)
- CVE-2024-35936: Add missing mutex_unlock in btrfs_relocate_sys_chunks() (bsc#1224644)
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35982: Avoid infinite loop trying to resize local TT (bsc#1224566)
- CVE-2024-36029: Prevent access to suspended controller (bsc#1225708)

The following non-security bugs were fixed:

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect.
- autofs: fix a leak in autofs_expire_indirect() (git-fixes)
- Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working (git-fixes).
- btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit (git-fixes)
- btrfs: check if root is readonly while setting security xattr (git-fixes)
- btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (git-fixes)
- btrfs: do not get an EINTR during drop_snapshot for reloc (git-fixes)
- btrfs: do not stop integrity writeback too early (git-fixes)
- btrfs: Explicitly handle btrfs_update_root failure (git-fixes)
- btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP (git-fixes)
- btrfs: fix btrfs_prev_leaf() to not return the same key twice (git-fixes)
- btrfs: fix deadlock when writing out space cache (git-fixes)
- Btrfs: fix incorrect {node,sector}size endianness from BTRFS_IOC_FS_INFO (git-fixes)
- btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes)
- btrfs: fix lost error handling when looking up extended ref on log replay (git-fixes)
- btrfs: Fix NULL pointer exception in find_bio_stripe (git-fixes)
- btrfs: Fix out of bounds access in btrfs_search_slot (git-fixes)
- btrfs: fix race when deleting quota root from the dirty cow roots list (git-fixes)
- btrfs: fix range_end calculation in extent_write_locked_range (git-fixes)
- btrfs: fix return value mixup in btrfs_get_extent (git-fixes)
- btrfs: fix unaligned access in readdir (git-fixes)
- btrfs: limit device extents to the device size (git-fixes)
- btrfs: prevent to set invalid default subvolid (git-fixes)
- btrfs: record delayed inode root in transaction (git-fixes)
- btrfs: scrub: reject unsupported scrub flags (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: limit number of clones and allocated memory size (git-fixes)
- btrfs: sysfs: use NOFS for device creation (git-fixes) Adjustment: add #include
- btrfs: tree-checker: add missing return after error in root_item (git-fixes)
- btrfs: tree-checker: add missing returns after data_ref alignment checks (git-fixes)
- btrfs: tree-checker: do not error out if extent ref hash does not match (git-fixes)
- btrfs: tree-checker: fix inline ref size in error messages (git-fixes)
- btrfs: tree-checker: Fix misleading group system information (git-fixes)
- btrfs: undo writable superblocke when sprouting fails (git-fixes)
- btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl (git-fixes)
- ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() (git-fixes)
- ecryptfs: fix a memory leak bug in parse_tag_1_packet() (git-fixes)
- ecryptfs: fix kernel panic with null dev_name (git-fixes)
- ecryptfs: Fix typo in message (git-fixes)
- ep_create_wakeup_source(): dentry name can change under you (git-fixes)
- exportfs_decode_fh(): negative pinned may become positive without the parent locked (git-fixes)
- fscrypt: clean up some BUG_ON()s in block encryption/decryption (git-fixes)
- fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes (git-fixes)
- ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (git-fixes).
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (git-fixes).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1225059).
- l2tp: pass correct message length to ip6_append_data (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- list: fix a data-race around ep->rdllist (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- mass-cve: Add convenience KBUILD_USER environment variable
- mass-cve: Always use bash in Makefile Some constrcts are just too convenient to leave them in favor of POSIX'd /bin/sh. Switch to explicit bash.
- mass-cve: Fail early without data files curl >$@ would create/update the file even if download fails.
Use explicit argument to prevent continuation with empty cve2bugzilla file.
- mass-cve: Fix update detection with packed-refs Per-branch files are thing of the past, git may non- deterministically pack the ref files. Therefore use the timestamp of the whole packed-ref file (better false positive detection of update than breakage or false negative). Add unified approach to read packed- refs regardless of KSOURCE_GIT worktree or not.
- mass-cve: Make BRANCH mandatory
- mass-cve: Use dedicated worktree for reference updates So that any checkout in KSOURCE_GIT is not changed.
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- netfilter: nf_queue: augment nfqa_cfg_policy (git-fixes).
- netfilter: nft_compat: explicitly reject ERROR and standard target (git-fixes).
- netfilter: x_tables: set module owner for icmp(6) matches (git-fixes).
- net/smc: fix fallback failed while sendmsg with fastopen (git-fixes).
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: change order inside nfc_se_io error path (git-fixes).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Disable passing console lock owner completely during panic() (bsc#1197894).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1223969).
- rds: avoid unenecessary cong_update in loop transport (git-fixes).
- rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (bsc#1222893).
- rxrpc: Do not put crypto buffers on the stack (git-fixes).
- rxrpc: Fix a memory leak in rxkad_verify_response() (git-fixes).
- rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls (git-fixes).
- rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing (git-fixes).
- rxrpc: Work around usercopy check (git-fixes).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224347).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1225062).
- scripts/check-kernel-fix: add -F parameter
- scripts/check-kernel-fix: avoid rechecking child branches when parents are OK Topological sorted dependency tree allows to optimize check-kernel-fixe in cases where parent already has the fix. There is not reason to check branches which merge from that branch as they will get the fix eventually.
- scripts/check-kernel-fix: print a message when no action is needed. Script exits without printing anything about the actions necessary in non-verbose mode. This can be confusing to a beginner user.
- scripts/common-functions: for_each_build_branch traverse branches in dependency topo sorted list
- scripts/common-functions: There are cases where Fixes tag is incorrect. Example would be bsc1223062 comment 3.
- scripts/cve_tools: Update README Issue was fixed in ad3235427c3
- scripts/git_sort/git_sort.py: add rafael/linux-pm.git#linux-next to remotes
- scripts/log2: Fix References: update detection The following change -REferences: git-fixes +REferences:
git-fixes bsc#123456 (note the typo in E) will not be detected as a reference update and generates a commit message like
- scripts/PMU: Always use 12 digits for abbreviated hash references Kernel developers tend to use 12 digits for abbreviated hash references as this is mandatory for upstream work. Enforce this count in PMU for consistency.
- tcp: tcp_make_synack() can be called from process context (git-fixes).
- tls: Fix context leak on tls_device_down (bsc#1221545).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- tracing: Use strncpy instead of memcpy when copying comm in trace.c (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (bsc#1223540).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Detections

Analytics

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2184-1)

high Nessus Plugin ID 200931

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information