openSUSE 15.6: 2024:3880-1 critical: kernel security update
opensuse
November 4, 2024
This update for the Linux Kernel 6.4.0-150600_21 fixes several issues
Description
This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.
The following security issues were fixed:
* CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327).
* CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG
(bsc#1231419)
* CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break()
(bsc#1225011).
* CVE-2023-52752: smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225819).
* CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
(bsc#1225311).
* CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012).
* CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
(bsc#1225309).
* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()
(bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when...
Read the Full Advisory
Topics Covered
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3880=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3880=1
Package List
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_21-default-6-150600.4.10.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-6-150600.4.10.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-6-150600.4.10.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_21-default-6-150600.4.10.1
* kernel-livepatch-SLE15-SP6_Update_0-debugsource-6-150600.4.10.1
* kernel-livepatch-6_4_0-150600_21-default-debuginfo-6-150600.4.10.1
References
* bsc#1225011
* bsc#1225012
* bsc#1225099
* bsc#1225309
* bsc#1225311
* bsc#1225312
* bsc#1225313
* bsc#1225739
* bsc#1225819
* bsc#1226325
* bsc#1226327
* bsc#1228786
* bsc#1231419
## References:
* https://www.suse.com/security/cve/CVE-2023-52752.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-35862.html
* https://www.suse.com/security/cve/CVE-2024-35863.html
* https://www.suse.com/security/cve/CVE-2024-35864.html
* https://www.suse.com/security/cve/CVE-2024-35867.html
* https://www.suse.com/security/cve/CVE-2024-35905.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-42133.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225011
*...
Read the Full Advisory
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2024:3880-1
Release Date: 2024-11-04T06:33:25Z
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!