Alerts This Week
Warning Icon 1 1,139
Alerts This Week
Warning Icon 1 1,139

openSUSE 15 SP6 Advisory ID SUSE-SU-2024:4209-1 Important Kernel Update

opensuse
Calendar Grey December 5, 2024
Dist Opensuse Esm H88
Important security update for openSUSE kernel fixing memory leaks and more in Live Patch 2 for SLE 15 SP6.
An update that solves six vulnerabilities can now be installed.

Description

This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues.

The following security issues were fixed:

* CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553).

* CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG

(bsc#1228511).

* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks

(bsc#1229273).

* CVE-2023-52752: smb: client: fix use-after-free bug in

cifs_debug_data_proc_show() (bsc#1225819).

* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket

creation fails (bsc#1227808)

* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()

(bsc#1228349).

Topics%20covered

Topics Covered

No topics assigned

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2024-4209=1

* SUSE Linux Enterprise Live Patching 15-SP6

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-4209=1

Package List

* openSUSE Leap 15.6 (ppc64le s390x x86_64)

* kernel-livepatch-6_4_0-150600_23_14-default-5-150600.13.6.1

* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-5-150600.13.6.1

* kernel-livepatch-SLE15-SP6_Update_2-debugsource-5-150600.13.6.1

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)

* kernel-livepatch-6_4_0-150600_23_14-default-5-150600.13.6.1

* kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-5-150600.13.6.1

* kernel-livepatch-SLE15-SP6_Update_2-debugsource-5-150600.13.6.1

References

* bsc#1225819

* bsc#1228349

* bsc#1228786

* bsc#1229273

* bsc#1229553

* bsc#1231419

## References:

* https://www.suse.com/security/cve/CVE-2023-52752.html

* https://www.suse.com/security/cve/CVE-2024-35949.html

* https://www.suse.com/security/cve/CVE-2024-40909.html

* https://www.suse.com/security/cve/CVE-2024-40954.html

* https://www.suse.com/security/cve/CVE-2024-42133.html

* https://www.suse.com/security/cve/CVE-2024-43861.html

* https://bugzilla.suse.com/show_bug.cgi?id=1225819

* https://bugzilla.suse.com/show_bug.cgi?id=1228349

* https://bugzilla.suse.com/show_bug.cgi?id=1228786

* https://bugzilla.suse.com/show_bug.cgi?id=1229273

* https://bugzilla.suse.com/show_bug.cgi?id=1229553

* https://bugzilla.suse.com/show_bug.cgi?id=1231419

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:4209-1
Release Date: 2024-12-05T15:34:05Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics%20covered

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here