SUSE 5143 Published by

SUSE Linux has received a range of security updates, which include xorg-x11-server, xwayland, and the Linux kernel:

SUSE-SU-2024:3787-1: important: Security update for xorg-x11-server
SUSE-SU-2024:3789-1: important: Security update for xwayland
SUSE-SU-2024:3799-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)
SUSE-SU-2024:3793-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4)
SUSE-SU-2024:3788-1: important: Security update for xorg-x11-server
SUSE-SU-2024:3790-1: important: Security update for xwayland
SUSE-SU-2024:3797-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3)
SUSE-SU-2024:3791-1: important: Security update for xwayland
SUSE-SU-2024:3798-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
SUSE-SU-2024:3785-1: important: Security update for pcp
SUSE-SU-2024:3780-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
SUSE-SU-2024:3783-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
SUSE-SU-2024:3814-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)
SUSE-SU-2024:3815-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)
SUSE-SU-2024:3824-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5)
SUSE-SU-2024:3829-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)
SUSE-SU-2024:3830-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)
SUSE-SU-2024:3833-1: important: Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
SUSE-SU-2024:3831-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)
SUSE-SU-2024:3837-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)
SUSE-SU-2024:3836-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
openSUSE-SU-2024:0342-1: moderate: Security update for lxc
openSUSE-SU-2024:0343-1: moderate: Security update for Botan
SUSE-SU-2024:3809-1: moderate: Security update for go1.21-openssl
SUSE-SU-2024:3811-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2024:3810-1: moderate: Security update for python-Werkzeug
SUSE-SU-2024:3805-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4)
SUSE-SU-2024:3804-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)
SUSE-SU-2024:3806-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)




SUSE-SU-2024:3787-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2024:3787-1
Release Date: 2024-10-30T08:18:52Z
Rating: important
References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in
_XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3787=1 openSUSE-SLE-15.6-2024-3787=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3787=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3787=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-21.1.11-150600.5.3.1
* xorg-x11-server-debugsource-21.1.11-150600.5.3.1
* xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.3.1
* xorg-x11-server-Xvfb-21.1.11-150600.5.3.1
* xorg-x11-server-extra-21.1.11-150600.5.3.1
* xorg-x11-server-source-21.1.11-150600.5.3.1
* xorg-x11-server-sdk-21.1.11-150600.5.3.1
* xorg-x11-server-extra-debuginfo-21.1.11-150600.5.3.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-21.1.11-150600.5.3.1
* xorg-x11-server-debugsource-21.1.11-150600.5.3.1
* xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.3.1
* xorg-x11-server-Xvfb-21.1.11-150600.5.3.1
* xorg-x11-server-extra-21.1.11-150600.5.3.1
* xorg-x11-server-extra-debuginfo-21.1.11-150600.5.3.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-21.1.11-150600.5.3.1
* xorg-x11-server-sdk-21.1.11-150600.5.3.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565



SUSE-SU-2024:3789-1: important: Security update for xwayland


# Security update for xwayland

Announcement ID: SUSE-SU-2024:3789-1
Release Date: 2024-10-30T08:19:26Z
Rating: important
References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in
_XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3789=1 openSUSE-SLE-15.6-2024-3789=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3789=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debugsource-24.1.1-150600.5.6.1
* xwayland-debuginfo-24.1.1-150600.5.6.1
* xwayland-24.1.1-150600.5.6.1
* xwayland-devel-24.1.1-150600.5.6.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* xwayland-debugsource-24.1.1-150600.5.6.1
* xwayland-debuginfo-24.1.1-150600.5.6.1
* xwayland-24.1.1-150600.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565



SUSE-SU-2024:3799-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3799-1
Release Date: 2024-10-30T11:33:51Z
Rating: important
References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_97 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3799=1 SUSE-2024-3792=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3799=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2024-3792=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_97-default-13-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



SUSE-SU-2024:3793-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3793-1
Release Date: 2024-10-30T09:04:17Z
Rating: important
References:

* bsc#1219296
* bsc#1220145
* bsc#1220211
* bsc#1220828
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52340
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26585
* CVE-2024-26610
* CVE-2024-26622
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 29 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_108 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220211).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
* CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big'
packets (bsc#1219296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3793=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3793=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_108-default-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-10-150400.9.8.1
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-10-150400.9.8.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_108-default-10-150400.9.8.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-10-150400.9.8.1
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-10-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219296
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220828
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



SUSE-SU-2024:3788-1: important: Security update for xorg-x11-server


# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2024:3788-1
Release Date: 2024-10-30T08:19:15Z
Rating: important
References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in
_XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3788=1 openSUSE-SLE-15.5-2024-3788=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3788=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3788=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-sdk-21.1.4-150500.7.29.1
* xorg-x11-server-extra-21.1.4-150500.7.29.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.29.1
* xorg-x11-server-debugsource-21.1.4-150500.7.29.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.29.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.29.1
* xorg-x11-server-21.1.4-150500.7.29.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.29.1
* xorg-x11-server-source-21.1.4-150500.7.29.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-extra-21.1.4-150500.7.29.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.29.1
* xorg-x11-server-debugsource-21.1.4-150500.7.29.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.29.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.29.1
* xorg-x11-server-21.1.4-150500.7.29.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.29.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-21.1.4-150500.7.29.1
* xorg-x11-server-sdk-21.1.4-150500.7.29.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565



SUSE-SU-2024:3790-1: important: Security update for xwayland


# Security update for xwayland

Announcement ID: SUSE-SU-2024:3790-1
Release Date: 2024-10-30T08:19:42Z
Rating: important
References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in
_XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3790=1 SUSE-2024-3790=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3790=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debuginfo-22.1.5-150500.7.25.1
* xwayland-devel-22.1.5-150500.7.25.1
* xwayland-22.1.5-150500.7.25.1
* xwayland-debugsource-22.1.5-150500.7.25.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* xwayland-debuginfo-22.1.5-150500.7.25.1
* xwayland-22.1.5-150500.7.25.1
* xwayland-debugsource-22.1.5-150500.7.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565



SUSE-SU-2024:3797-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3797-1
Release Date: 2024-10-30T11:04:16Z
Rating: important
References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_141 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3797=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3797=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_38-debugsource-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_141-default-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-14-150300.2.1
* kernel-livepatch-5_3_18-150300_59_141-preempt-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_141-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471



SUSE-SU-2024:3791-1: important: Security update for xwayland


# Security update for xwayland

Announcement ID: SUSE-SU-2024:3791-1
Release Date: 2024-10-30T08:19:49Z
Rating: important
References:

* bsc#1231565

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in
_XkbSetCompatMap (bsc#1231565).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3791=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3791=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-21.1.4-150400.3.39.1
* xwayland-debugsource-21.1.4-150400.3.39.1
* xwayland-debuginfo-21.1.4-150400.3.39.1
* xwayland-devel-21.1.4-150400.3.39.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* xwayland-21.1.4-150400.3.39.1
* xwayland-debugsource-21.1.4-150400.3.39.1
* xwayland-debuginfo-21.1.4-150400.3.39.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231565



SUSE-SU-2024:3798-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3798-1
Release Date: 2024-10-30T11:33:45Z
Rating: important
References:

* bsc#1210619
* bsc#1218487
* bsc#1220145
* bsc#1220537
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-52752
* CVE-2023-6531
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_153 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
garbage collector's deletion of SKB races with unix_stream_read_generic()on
the socket that the SKB is queued on (bsc#1218487).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3798=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3798=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_153-default-9-150300.7.6.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-9-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_153-default-9-150300.7.6.1
* kernel-livepatch-SLE15-SP3_Update_42-debugsource-9-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-9-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_153-preempt-9-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1218487
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3785-1: important: Security update for pcp


# Security update for pcp

Announcement ID: SUSE-SU-2024:3785-1
Release Date: 2024-10-30T07:56:18Z
Rating: important
References:

* bsc#1217826
* bsc#1222815
* bsc#1230551
* bsc#1230552
* bsc#1231345
* jsc#PED-8192
* jsc#PED-8389

Cross-References:

* CVE-2023-6917
* CVE-2024-45769
* CVE-2024-45770

CVSS scores:

* CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45769 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45770 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains two features and has two
security fixes can now be installed.

## Description:

This update for pcp fixes the following issues:

pcp was updated from version 5.2.5 to version 6.2.0 (jsc#PED-8192,
jsc#PED-8389):

* Security issues fixed:

* CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp
to the root user (bsc#1230552)

* CVE-2024-45769: Fixed a heap corruption through metric pmstore operations
(bsc#1230551)
* CVE-2023-6917: Fixed local privilege escalation from pcp user to root in
/usr/libexec/pcp/lib/pmproxy (bsc#1217826)

* Major changes:

* Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe
timestamps, nanosecond-precision timestamps, arbitrary timezones support,
64-bit file offsets used throughout for larger (beyond 2GB) individual
volumes

* Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
* Version 2 archives remain the default (for next few years)
* Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts
on libpcp, PMAPI clients and PMCD use of encryption; these are now
configured and used consistently with pmproxy HTTPS support and redis-
server, which were both already using OpenSSL.
* New nanosecond precision timestamp PMAPI calls for PCP library interfaces
that make use of timestamps These are all optional, and full backward
compatibility is preserved for existing tools.
* For the full list of changes please consult the packaged CHANGELOG file

* Other packaging changes:

* Moved pmlogger_daily into the main package (bsc#1222815)

* Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
Required for SLE-12
* Introduce 'pmda-resctrl' package, disabled for architectures other than
x86_64
* Change the architecture for various subpackages to 'noarch' as they contain
no binaries
* Disable 'pmda-mssql', as it fails to build

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3785=1 openSUSE-SLE-15.5-2024-3785=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3785=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* pcp-pmda-gfs2-debuginfo-6.2.0-150500.8.6.1
* pcp-system-tools-debuginfo-6.2.0-150500.8.6.1
* libpcp-devel-6.2.0-150500.8.6.1
* libpcp_trace2-6.2.0-150500.8.6.1
* perl-PCP-LogImport-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-cisco-6.2.0-150500.8.6.1
* pcp-testsuite-6.2.0-150500.8.6.1
* libpcp_import1-6.2.0-150500.8.6.1
* pcp-pmda-bash-6.2.0-150500.8.6.1
* pcp-gui-debuginfo-6.2.0-150500.8.6.1
* python3-pcp-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-bind2-6.2.0-150500.8.6.1
* pcp-pmda-logger-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-shping-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-roomtemp-6.2.0-150500.8.6.1
* pcp-pmda-shping-6.2.0-150500.8.6.1
* pcp-pmda-gfs2-6.2.0-150500.8.6.1
* pcp-pmda-apache-debuginfo-6.2.0-150500.8.6.1
* pcp-devel-6.2.0-150500.8.6.1
* pcp-pmda-zimbra-6.2.0-150500.8.6.1
* pcp-testsuite-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-mailq-debuginfo-6.2.0-150500.8.6.1
* pcp-import-collectl2pcp-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-nvidia-gpu-6.2.0-150500.8.6.1
* pcp-pmda-docker-debuginfo-6.2.0-150500.8.6.1
* libpcp3-6.2.0-150500.8.6.1
* pcp-pmda-sendmail-debuginfo-6.2.0-150500.8.6.1
* perl-PCP-MMV-6.2.0-150500.8.6.1
* python3-pcp-6.2.0-150500.8.6.1
* pcp-pmda-smart-debuginfo-6.2.0-150500.8.6.1
* pcp-devel-debuginfo-6.2.0-150500.8.6.1
* libpcp_mmv1-debuginfo-6.2.0-150500.8.6.1
* libpcp_gui2-debuginfo-6.2.0-150500.8.6.1
* pcp-debugsource-6.2.0-150500.8.6.1
* pcp-pmda-zimbra-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-trace-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-cifs-6.2.0-150500.8.6.1
* perl-PCP-PMDA-6.2.0-150500.8.6.1
* perl-PCP-MMV-debuginfo-6.2.0-150500.8.6.1
* libpcp_import1-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-cifs-debuginfo-6.2.0-150500.8.6.1
* pcp-6.2.0-150500.8.6.1
* pcp-pmda-sockets-6.2.0-150500.8.6.1
* pcp-pmda-mounts-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-bash-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-dm-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-lustrecomm-6.2.0-150500.8.6.1
* pcp-pmda-weblog-6.2.0-150500.8.6.1
* pcp-gui-6.2.0-150500.8.6.1
* pcp-pmda-sendmail-6.2.0-150500.8.6.1
* pcp-pmda-docker-6.2.0-150500.8.6.1
* pcp-pmda-hacluster-6.2.0-150500.8.6.1
* libpcp_mmv1-6.2.0-150500.8.6.1
* pcp-pmda-cisco-debuginfo-6.2.0-150500.8.6.1
* libpcp_web1-6.2.0-150500.8.6.1
* pcp-pmda-smart-6.2.0-150500.8.6.1
* pcp-pmda-trace-6.2.0-150500.8.6.1
* libpcp3-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-nvidia-gpu-debuginfo-6.2.0-150500.8.6.1
* pcp-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-hacluster-debuginfo-6.2.0-150500.8.6.1
* libpcp_gui2-6.2.0-150500.8.6.1
* pcp-pmda-mounts-6.2.0-150500.8.6.1
* pcp-pmda-weblog-debuginfo-6.2.0-150500.8.6.1
* pcp-system-tools-6.2.0-150500.8.6.1
* perl-PCP-LogSummary-6.2.0-150500.8.6.1
* pcp-pmda-logger-6.2.0-150500.8.6.1
* pcp-pmda-lustrecomm-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-summary-6.2.0-150500.8.6.1
* perl-PCP-LogImport-6.2.0-150500.8.6.1
* pcp-import-collectl2pcp-6.2.0-150500.8.6.1
* pcp-pmda-roomtemp-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-systemd-6.2.0-150500.8.6.1
* pcp-pmda-systemd-debuginfo-6.2.0-150500.8.6.1
* libpcp_trace2-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-mailq-6.2.0-150500.8.6.1
* pcp-pmda-sockets-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-dm-6.2.0-150500.8.6.1
* pcp-pmda-summary-debuginfo-6.2.0-150500.8.6.1
* perl-PCP-PMDA-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-apache-6.2.0-150500.8.6.1
* libpcp_web1-debuginfo-6.2.0-150500.8.6.1
* openSUSE Leap 15.5 (noarch)
* pcp-export-pcp2influxdb-6.2.0-150500.8.6.1
* pcp-pmda-netfilter-6.2.0-150500.8.6.1
* pcp-pmda-elasticsearch-6.2.0-150500.8.6.1
* pcp-pmda-netcheck-6.2.0-150500.8.6.1
* pcp-doc-6.2.0-150500.8.6.1
* pcp-pmda-mysql-6.2.0-150500.8.6.1
* pcp-pmda-bonding-6.2.0-150500.8.6.1
* pcp-pmda-openmetrics-6.2.0-150500.8.6.1
* pcp-pmda-ds389-6.2.0-150500.8.6.1
* pcp-pmda-rsyslog-6.2.0-150500.8.6.1
* pcp-import-ganglia2pcp-6.2.0-150500.8.6.1
* pcp-pmda-news-6.2.0-150500.8.6.1
* pcp-export-pcp2graphite-6.2.0-150500.8.6.1
* pcp-export-pcp2elasticsearch-6.2.0-150500.8.6.1
* pcp-import-mrtg2pcp-6.2.0-150500.8.6.1
* pcp-import-iostat2pcp-6.2.0-150500.8.6.1
* pcp-pmda-samba-6.2.0-150500.8.6.1
* pcp-export-pcp2zabbix-6.2.0-150500.8.6.1
* pcp-pmda-nfsclient-6.2.0-150500.8.6.1
* pcp-pmda-openvswitch-6.2.0-150500.8.6.1
* pcp-pmda-snmp-6.2.0-150500.8.6.1
* pcp-export-pcp2json-6.2.0-150500.8.6.1
* pcp-pmda-dbping-6.2.0-150500.8.6.1
* pcp-pmda-slurm-6.2.0-150500.8.6.1
* pcp-conf-6.2.0-150500.8.6.1
* pcp-pmda-mic-6.2.0-150500.8.6.1
* pcp-export-pcp2xml-6.2.0-150500.8.6.1
* pcp-pmda-haproxy-6.2.0-150500.8.6.1
* pcp-pmda-lmsensors-6.2.0-150500.8.6.1
* pcp-pmda-oracle-6.2.0-150500.8.6.1
* pcp-export-pcp2spark-6.2.0-150500.8.6.1
* pcp-pmda-nginx-6.2.0-150500.8.6.1
* pcp-pmda-gpfs-6.2.0-150500.8.6.1
* pcp-pmda-named-6.2.0-150500.8.6.1
* pcp-pmda-activemq-6.2.0-150500.8.6.1
* pcp-zeroconf-6.2.0-150500.8.6.1
* pcp-pmda-gluster-6.2.0-150500.8.6.1
* pcp-pmda-nutcracker-6.2.0-150500.8.6.1
* pcp-import-sar2pcp-6.2.0-150500.8.6.1
* pcp-pmda-lustre-6.2.0-150500.8.6.1
* pcp-pmda-zswap-6.2.0-150500.8.6.1
* pcp-pmda-postfix-6.2.0-150500.8.6.1
* pcp-pmda-redis-6.2.0-150500.8.6.1
* pcp-pmda-unbound-6.2.0-150500.8.6.1
* pcp-pmda-rabbitmq-6.2.0-150500.8.6.1
* pcp-pmda-gpsd-6.2.0-150500.8.6.1
* pcp-pmda-json-6.2.0-150500.8.6.1
* pcp-pmda-ds389log-6.2.0-150500.8.6.1
* pcp-pmda-memcache-6.2.0-150500.8.6.1
* pcp-pmda-pdns-6.2.0-150500.8.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
* pcp-pmda-infiniband-6.2.0-150500.8.6.1
* pcp-pmda-infiniband-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-perfevent-6.2.0-150500.8.6.1
* pcp-pmda-perfevent-debuginfo-6.2.0-150500.8.6.1
* openSUSE Leap 15.5 (x86_64)
* pcp-pmda-resctrl-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-resctrl-6.2.0-150500.8.6.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* pcp-system-tools-debuginfo-6.2.0-150500.8.6.1
* libpcp-devel-6.2.0-150500.8.6.1
* libpcp_trace2-6.2.0-150500.8.6.1
* perl-PCP-LogImport-debuginfo-6.2.0-150500.8.6.1
* libpcp_import1-6.2.0-150500.8.6.1
* pcp-devel-6.2.0-150500.8.6.1
* perl-PCP-MMV-6.2.0-150500.8.6.1
* libpcp3-6.2.0-150500.8.6.1
* pcp-devel-debuginfo-6.2.0-150500.8.6.1
* libpcp_mmv1-debuginfo-6.2.0-150500.8.6.1
* libpcp_gui2-debuginfo-6.2.0-150500.8.6.1
* pcp-debugsource-6.2.0-150500.8.6.1
* perl-PCP-PMDA-6.2.0-150500.8.6.1
* perl-PCP-MMV-debuginfo-6.2.0-150500.8.6.1
* libpcp_import1-debuginfo-6.2.0-150500.8.6.1
* pcp-6.2.0-150500.8.6.1
* libpcp_mmv1-6.2.0-150500.8.6.1
* libpcp_web1-6.2.0-150500.8.6.1
* libpcp3-debuginfo-6.2.0-150500.8.6.1
* pcp-debuginfo-6.2.0-150500.8.6.1
* libpcp_gui2-6.2.0-150500.8.6.1
* perl-PCP-LogSummary-6.2.0-150500.8.6.1
* pcp-system-tools-6.2.0-150500.8.6.1
* perl-PCP-LogImport-6.2.0-150500.8.6.1
* libpcp_trace2-debuginfo-6.2.0-150500.8.6.1
* python3-pcp-debuginfo-6.2.0-150500.8.6.1
* perl-PCP-PMDA-debuginfo-6.2.0-150500.8.6.1
* python3-pcp-6.2.0-150500.8.6.1
* libpcp_web1-debuginfo-6.2.0-150500.8.6.1
* Development Tools Module 15-SP5 (noarch)
* pcp-doc-6.2.0-150500.8.6.1
* pcp-conf-6.2.0-150500.8.6.1
* pcp-import-iostat2pcp-6.2.0-150500.8.6.1
* pcp-import-sar2pcp-6.2.0-150500.8.6.1
* pcp-import-mrtg2pcp-6.2.0-150500.8.6.1
* Development Tools Module 15-SP5 (ppc64le)
* pcp-pmda-perfevent-debuginfo-6.2.0-150500.8.6.1
* pcp-pmda-perfevent-6.2.0-150500.8.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6917.html
* https://www.suse.com/security/cve/CVE-2024-45769.html
* https://www.suse.com/security/cve/CVE-2024-45770.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217826
* https://bugzilla.suse.com/show_bug.cgi?id=1222815
* https://bugzilla.suse.com/show_bug.cgi?id=1230551
* https://bugzilla.suse.com/show_bug.cgi?id=1230552
* https://bugzilla.suse.com/show_bug.cgi?id=1231345
* https://jira.suse.com/browse/PED-8192
* https://jira.suse.com/browse/PED-8389



SUSE-SU-2024:3780-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3780-1
Release Date: 2024-10-29T20:48:12Z
Rating: important
References:

* bsc#1223683
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 12 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3780=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3780=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-5-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-5-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-5-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_122-default-5-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_27-debugsource-5-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-5-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



SUSE-SU-2024:3783-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3783-1
Release Date: 2024-10-30T04:33:44Z
Rating: important
References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_150 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3784=1 SUSE-2024-3783=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3784=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2024-3783=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-default-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-15-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_37-debugsource-15-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_41-debugsource-12-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-preempt-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-12-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-preempt-12-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-15-150300.2.1
* kernel-livepatch-5_3_18-150300_59_150-default-12-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471



SUSE-SU-2024:3814-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3814-1
Release Date: 2024-10-30T17:03:47Z
Rating: important
References:

* bsc#1210619
* bsc#1220145
* bsc#1220537
* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223683
* bsc#1225013
* bsc#1225202
* bsc#1225211
* bsc#1225302
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225819
* bsc#1226325
* bsc#1227471
* bsc#1227651
* bsc#1228573

Cross-References:

* CVE-2021-46955
* CVE-2021-47291
* CVE-2021-47378
* CVE-2021-47383
* CVE-2021-47402
* CVE-2021-47598
* CVE-2022-48651
* CVE-2023-1829
* CVE-2023-52752
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35864
* CVE-2024-35950
* CVE-2024-36964
* CVE-2024-41059

CVSS scores:

* CVE-2021-46955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47378 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47383 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1227651).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
* CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free
(bsc#1225202).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit
(bsc#1225211).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when
fragmenting IPv4 packets (bsc#1220537).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3814=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3814=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-8-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_158-default-8-150300.7.6.1
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-8-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_158-preempt-8-150300.7.6.1
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-8-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_158-default-8-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46955.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47378.html
* https://www.suse.com/security/cve/CVE-2021-47383.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220537
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225202
* https://bugzilla.suse.com/show_bug.cgi?id=1225211
* https://bugzilla.suse.com/show_bug.cgi?id=1225302
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1227651
* https://bugzilla.suse.com/show_bug.cgi?id=1228573



SUSE-SU-2024:3815-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3815-1
Release Date: 2024-10-30T17:03:57Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 27 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3815=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3815=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-8-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_111-default-8-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-8-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_24-debugsource-8-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_111-default-8-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_111-default-debuginfo-8-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



SUSE-SU-2024:3824-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 9 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3824-1
Release Date: 2024-10-30T18:33:52Z
Rating: important
References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1226327
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_30 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3825=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2024-3826=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2024-3827=1 SUSE-SLE-Module-Live-Patching-15-SP5-2024-3828=1
SUSE-SLE-Module-Live-Patching-15-SP5-2024-3824=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3826=1 SUSE-2024-3827=1 SUSE-2024-3828=1
SUSE-2024-3824=1 SUSE-2024-3825=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_13_30-rt-12-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_21-rt-14-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_13_27-rt-13-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-14-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-15-150500.2.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_30-rt-debuginfo-12-150500.2.1
* kernel-livepatch-5_14_21-150500_13_30-rt-12-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-15-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_21-rt-14-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_9-debugsource-12-150500.2.1
* kernel-livepatch-5_14_21-150500_13_27-rt-13-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-13-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-14-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-14-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-15-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471



SUSE-SU-2024:3829-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3829-1
Release Date: 2024-10-30T18:33:58Z
Rating: important
References:

* bsc#1219296
* bsc#1220145
* bsc#1220211
* bsc#1220828
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1222882
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52340
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26585
* CVE-2024-26610
* CVE-2024-26622
* CVE-2024-26766
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52340 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 30 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222882).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220211).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
* CVE-2023-52340: Fixed a denial of service related to ICMPv6 'Packet Too Big'
packets (bsc#1219296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3829=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3829=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_35-rt-10-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-10-150500.11.8.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-10-150500.11.8.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_35-rt-10-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-10-150500.11.8.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-10-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219296
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220828
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1222882
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3830-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3830-1
Release Date: 2024-10-30T18:34:04Z
Rating: important
References:

* bsc#1221302
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_47 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3830=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3830=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_47-rt-8-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-8-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-8-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_47-rt-8-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-8-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-8-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3833-1: important: Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3833-1
Release Date: 2024-10-30T18:34:21Z
Rating: important
References:

* bsc#1223683
* bsc#1225099
* bsc#1225739
* bsc#1225819
* bsc#1227471
* bsc#1228349
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26923
* CVE-2024-36899
* CVE-2024-40909
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_58 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1228349).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3833=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3833=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_58-rt-5-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-5-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-5-150500.11.6.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_58-rt-5-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_58-rt-debuginfo-5-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_16-debugsource-5-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228349
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3831-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3831-1
Release Date: 2024-10-30T18:34:15Z
Rating: important
References:

* bsc#1223363
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 16 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_55 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3831=1 SUSE-2024-3832=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3831=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2024-3832=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-6-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-6-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-6-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_55-rt-6-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-6-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_52-rt-6-150500.11.8.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_55-rt-debuginfo-6-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_15-debugsource-6-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-6-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_55-rt-6-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-6-150500.11.8.1
* kernel-livepatch-5_14_21-150500_13_52-rt-6-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3837-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)


# Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3837-1
Release Date: 2024-10-30T19:03:55Z
Rating: important
References:

* bsc#1220145
* bsc#1220832
* bsc#1221302
* bsc#1222685
* bsc#1223059
* bsc#1223363
* bsc#1223514
* bsc#1223521
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2021-47598
* CVE-2022-48651
* CVE-2022-48662
* CVE-2023-52502
* CVE-2023-52752
* CVE-2023-52846
* CVE-2023-6546
* CVE-2024-23307
* CVE-2024-26610
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 26 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_38 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1220145).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221302).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
(bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3837=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3837=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-8-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_38-rt-8-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-8-150500.11.6.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-8-150500.11.6.1
* kernel-livepatch-5_14_21-150500_13_38-rt-8-150500.11.6.1
* kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-8-150500.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220145
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1221302
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223514
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786



SUSE-SU-2024:3836-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3836-1
Release Date: 2024-10-30T19:03:45Z
Rating: important
References:

* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3836=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3836=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-3-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-3-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-3-150400.9.6.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_125-default-3-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_28-debugsource-3-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-3-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



openSUSE-SU-2024:0342-1: moderate: Security update for lxc


openSUSE Security Update: Security update for lxc
_______________________________

Announcement ID: openSUSE-SU-2024:0342-1
Rating: moderate
References: #1204842 #1206779
Cross-References: CVE-2022-47952
CVSS scores:
CVE-2022-47952 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for lxc fixes the following issues:

lxc was updated to 6.0.2:

The LXC team is pleased to announce the release of LXC 6.0.2! This is
the second bugfix release for LXC 6.0 which is supported until June 2029.

As usual this bugfix releases focus on stability and hardening.

* Some of the highlights for this release are:

- Reduced log level on some common messages
- Fix compilation error on aarch64

* Detailed changelog

- Remove unused function
- idmap: Lower logging level of newXidmap tools to INFO
- Exit 0 when there's no error
- doc: Fix definitions of get_config_path and set_config_path
- README: Update security contact
- fix possible clang compile error in AARCH

Update to 6.0.1:

The LXC team is pleased to announce the release of LXC 6.0.1! This is
the first bugfix release for LXC 6.0 which is supported until June 2029.

As usual this bugfix releases focus on stability and hardening.

* Highlights

- Fixed some build tooling issues
- Fixed startup failures on system without IPv6 support
- Updated AppArmor rules to avoid potential warnings

Update to 6.0.0:

The LXC team is pleased to announce the release of LXC 6.0 LTS! This is
the result of two years of work since the LXC 5.0 release and is the sixth
LTS release for the LXC project. This release will be supported until June
2029.

* New multi-call binaryƂĀ¶

A new tools-multicall=true configuration option can be used to produce
a single lxc binary which can then have all other lxc-XYZ commands be
symlinked to. This allows for a massive disk space reduction, particularly
useful for embedded platforms.

* Add a set_timeout function to the library

A new set_timeout function is available on the main lxc_container
struct and allow for setting a global timeout for interactions with the
LXC monitor. Prior to this, there was no timeout, leading to potential
deadlocks as there's also no way to cancel an monitor request. As a result
of adding this new symbol to the library, we have bumped the liblxc symbol
version to 1.8.0.

* LXC bridge now has IPV6 enabled

The default lxcbr0 bridge now comes with IPv6 enabled by default,
using an IPv6 ULA subnet. Support for uid/gid selection in lxc-usernsexec
The lxc-usernsexec tool now has both -u and -g options to control what
resulting UID and GID (respectively) the user wishes to use (defaulting to
0/0).

* Improvements to lxc-checkconfig

lxc-checkconfig now only shows the version if lxc-start is present
(rather than failing). Additionally, it's seen a number of other cosmetic
improvements as well as now listing the maximum number of allowed
namespaces for every namespace type.

* Support for squashfs OCI images

The built-in oci container template can now handle squashfs compressed
OCI images through the use of atomfs.

* Switched from systemd's dbus to dbus-1

LXC now uses libdbus-1 for DBus interactions with systemd rather than
using libsystemd. The reason for this change is that libdbus-1 is readily
available for static builds.

* Removed Upstart support

Support for the Upstart init system has finally been removed from LXC.
This shouldn't really affect anyone at this stage and allowed for cleaning
up some logic and config files from our repository.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-342=1

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-342=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

liblxc-devel-6.0.2-bp156.2.3.1
liblxc1-6.0.2-bp156.2.3.1
lxc-6.0.2-bp156.2.3.1
pam_cgfs-6.0.2-bp156.2.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

lxc-bash-completion-6.0.2-bp156.2.3.1
lxc-ja-doc-6.0.2-bp156.2.3.1
lxc-ko-doc-6.0.2-bp156.2.3.1

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

liblxc-devel-6.0.2-bp155.4.3.1
liblxc1-6.0.2-bp155.4.3.1
liblxc1-debuginfo-6.0.2-bp155.4.3.1
lxc-6.0.2-bp155.4.3.1
lxc-debuginfo-6.0.2-bp155.4.3.1
lxc-debugsource-6.0.2-bp155.4.3.1
pam_cgfs-6.0.2-bp155.4.3.1
pam_cgfs-debuginfo-6.0.2-bp155.4.3.1

- openSUSE Backports SLE-15-SP5 (noarch):

lxc-bash-completion-6.0.2-bp155.4.3.1
lxc-ja-doc-6.0.2-bp155.4.3.1
lxc-ko-doc-6.0.2-bp155.4.3.1

References:

https://www.suse.com/security/cve/CVE-2022-47952.html
https://bugzilla.suse.com/1204842
https://bugzilla.suse.com/1206779



openSUSE-SU-2024:0343-1: moderate: Security update for Botan


openSUSE Security Update: Security update for Botan
_______________________________

Announcement ID: openSUSE-SU-2024:0343-1
Rating: moderate
References: #1232296 #1232297 #1232300 #1232301
Cross-References: CVE-2024-50382 CVE-2024-50383
CVSS scores:
CVE-2024-50382 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2024-50383 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Backports SLE-15-SP6
_______________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for Botan fixes the following issues:

- Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side
channel in GHASH when certain LLVM/GCC versions are used to compile
Botan.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-343=1

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-343=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

Botan-2.19.5-bp156.3.6.1
Botan-debuginfo-2.19.5-bp156.3.6.1
Botan-debugsource-2.19.5-bp156.3.6.1
libbotan-2-19-2.19.5-bp156.3.6.1
libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1
libbotan-devel-2.19.5-bp156.3.6.1
python3-botan-2.19.5-bp156.3.6.1

- openSUSE Backports SLE-15-SP6 (aarch64_ilp32):

libbotan-2-19-64bit-2.19.5-bp156.3.6.1
libbotan-2-19-64bit-debuginfo-2.19.5-bp156.3.6.1
libbotan-devel-64bit-2.19.5-bp156.3.6.1

- openSUSE Backports SLE-15-SP6 (x86_64):

libbotan-2-19-32bit-2.19.5-bp156.3.6.1
libbotan-2-19-32bit-debuginfo-2.19.5-bp156.3.6.1
libbotan-devel-32bit-2.19.5-bp156.3.6.1

- openSUSE Backports SLE-15-SP6 (noarch):

Botan-doc-2.19.5-bp156.3.6.1

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

Botan-2.19.5-bp155.2.6.1
libbotan-2-19-2.19.5-bp155.2.6.1
libbotan-devel-2.19.5-bp155.2.6.1
python3-botan-2.19.5-bp155.2.6.1

- openSUSE Backports SLE-15-SP5 (aarch64_ilp32):

libbotan-2-19-64bit-2.19.5-bp155.2.6.1
libbotan-devel-64bit-2.19.5-bp155.2.6.1

- openSUSE Backports SLE-15-SP5 (noarch):

Botan-doc-2.19.5-bp155.2.6.1

- openSUSE Backports SLE-15-SP5 (x86_64):

libbotan-2-19-32bit-2.19.5-bp155.2.6.1
libbotan-devel-32bit-2.19.5-bp155.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-50382.html
https://www.suse.com/security/cve/CVE-2024-50383.html
https://bugzilla.suse.com/1232296
https://bugzilla.suse.com/1232297
https://bugzilla.suse.com/1232300
https://bugzilla.suse.com/1232301



SUSE-SU-2024:3809-1: moderate: Security update for go1.21-openssl


# Security update for go1.21-openssl

Announcement ID: SUSE-SU-2024:3809-1
Release Date: 2024-10-30T15:08:02Z
Rating: moderate
References:

* bsc#1230252
* bsc#1230253
* bsc#1230254
* jsc#SLE-18320

Cross-References:

* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities and contains one feature can now be
installed.

## Description:

This update for go1.21-openssl fixes the following issues:

* CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint
(bsc#1230254).
* CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob
(bsc#1230253).
* CVE-2024-34155: Fixed stack exhaustion in all Parse* functions
(bsc#1230252).

* Update to version 1.21.13.3 cut from the go1.21-fips-release
(jsc#SLE-18320).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3809=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3809=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-doc-1.21.13.4-150000.1.14.1
* go1.21-openssl-1.21.13.4-150000.1.14.1
* go1.21-openssl-race-1.21.13.4-150000.1.14.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-doc-1.21.13.4-150000.1.14.1
* go1.21-openssl-1.21.13.4-150000.1.14.1
* go1.21-openssl-race-1.21.13.4-150000.1.14.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254
* https://jira.suse.com/browse/SLE-18320



SUSE-SU-2024:3811-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2024:3811-1
Release Date: 2024-10-30T15:34:13Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20241028T152002 2024-10-28T15:20:02Z. Refs
jsc#PED-11136 Go CVE Numbering Authority IDs added or updated:
* GO-2024-3207
* GO-2024-3208
* GO-2024-3210
* GO-2024-3211
* GO-2024-3212
* GO-2024-3213
* GO-2024-3214
* GO-2024-3215
* GO-2024-3216
* GO-2024-3217
* GO-2024-3219
* GO-2024-3220
* GO-2024-3221
* GO-2024-3222
* GO-2024-3223
* GO-2024-3224

* Update to version 0.0.20241017T153730 date 2024-10-17T15:37:30Z. Go CVE
Numbering Authority IDs added or updated:

* GO-2024-3189
* GO-2024-3203
* GO-2024-3204

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3811=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3811=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3811=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3811=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* SUSE Package Hub 15 15-SP5 (noarch)
* govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20241028T152002-150000.1.6.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2024:3810-1: moderate: Security update for python-Werkzeug


# Security update for python-Werkzeug

Announcement ID: SUSE-SU-2024:3810-1
Release Date: 2024-10-30T15:33:55Z
Rating: moderate
References:

* bsc#1232449

Cross-References:

* CVE-2024-49767

CVSS scores:

* CVE-2024-49767 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-49767 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-49767 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Werkzeug fixes the following issues:

* CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in
forms (bsc#1232449).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3810=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3810=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3810=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3810=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3810=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.12.1
* openSUSE Leap 15.5 (noarch)
* python311-Werkzeug-2.3.6-150400.6.12.1
* openSUSE Leap 15.6 (noarch)
* python311-Werkzeug-2.3.6-150400.6.12.1
* Python 3 Module 15-SP5 (noarch)
* python311-Werkzeug-2.3.6-150400.6.12.1
* Python 3 Module 15-SP6 (noarch)
* python311-Werkzeug-2.3.6-150400.6.12.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232449



SUSE-SU-2024:3805-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3805-1
Release Date: 2024-10-30T13:33:56Z
Rating: important
References:

* bsc#1225011
* bsc#1225012
* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_103 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3805=1 SUSE-2024-3801=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3805=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2024-3801=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_18-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_22-debugsource-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-15-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_18-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-11-150400.2.1
* kernel-livepatch-5_14_21-150400_24_88-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-11-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_22-debugsource-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1231353



SUSE-SU-2024:3804-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)

Announcement ID: SUSE-SU-2024:3804-1
Release Date: 2024-10-30T13:33:49Z
Rating: important
References:

* bsc#1225309
* bsc#1225311
* bsc#1225819
* bsc#1227471

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2024-35862
* CVE-2024-35864

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues.

The following security issues were fixed:

* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3804=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-3804=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_144-default-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_144-default-13-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_39-debugsource-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_144-preempt-debuginfo-13-150300.2.1
* kernel-livepatch-5_3_18-150300_59_144-preempt-13-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_144-default-13-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1227471



SUSE-SU-2024:3806-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3806-1
Release Date: 2024-10-30T13:34:06Z
Rating: important
References:

* bsc#1223059
* bsc#1223363
* bsc#1223681
* bsc#1223683
* bsc#1225011
* bsc#1225012
* bsc#1225013
* bsc#1225099
* bsc#1225309
* bsc#1225310
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1227471
* bsc#1228573
* bsc#1228786
* bsc#1231353

Cross-References:

* CVE-2021-47598
* CVE-2023-52752
* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26852
* CVE-2024-26923
* CVE-2024-26930
* CVE-2024-27398
* CVE-2024-35817
* CVE-2024-35861
* CVE-2024-35862
* CVE-2024-35863
* CVE-2024-35864
* CVE-2024-35867
* CVE-2024-35905
* CVE-2024-35950
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26930 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 20 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_119 fixes several issues.

The following security issues were fixed:

* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1227471).
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* Intermittent nfs mount failures (may be due to SUNRPC over UDP)
(bsc#1231353)
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
(bsc#1225099).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout
(bsc#1225013).
* CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
(bsc#1225310).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
__unix_gc() (bsc#1223683).
* CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223681).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).
* CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify()
(bsc#1223059).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3806=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3806=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-7-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-7-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-7-150400.9.6.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_119-default-debuginfo-7-150400.9.6.1
* kernel-livepatch-5_14_21-150400_24_119-default-7-150400.9.6.1
* kernel-livepatch-SLE15-SP4_Update_26-debugsource-7-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-26930.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-35950.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223059
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223681
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
* https://bugzilla.suse.com/show_bug.cgi?id=1225012
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225309
* https://bugzilla.suse.com/show_bug.cgi?id=1225310
* https://bugzilla.suse.com/show_bug.cgi?id=1225311
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225313
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1225819
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1226327
* https://bugzilla.suse.com/show_bug.cgi?id=1227471
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786
* https://bugzilla.suse.com/show_bug.cgi?id=1231353