# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:2495-1  
Rating: important  
References:

  * bsc#1195775
  * bsc#1216124
  * bsc#1218148
  * bsc#1219224
  * bsc#1220492
  * bsc#1222015
  * bsc#1222254
  * bsc#1222678
  * bsc#1223384
  * bsc#1224020
  * bsc#1224679
  * bsc#1224696
  * bsc#1224703
  * bsc#1224749
  * bsc#1224764
  * bsc#1224765
  * bsc#1224766
  * bsc#1224935
  * bsc#1225098
  * bsc#1225467
  * bsc#1225487
  * bsc#1225518
  * bsc#1225611
  * bsc#1225732
  * bsc#1225737
  * bsc#1225749
  * bsc#1225840
  * bsc#1225866
  * bsc#1226145
  * bsc#1226211
  * bsc#1226212
  * bsc#1226270
  * bsc#1226587
  * bsc#1226595
  * bsc#1226634
  * bsc#1226758
  * bsc#1226785
  * bsc#1226786
  * bsc#1226789
  * bsc#1226953
  * bsc#1226962

  
Cross-References:

  * CVE-2021-47555
  * CVE-2021-47571
  * CVE-2023-24023
  * CVE-2023-52670
  * CVE-2023-52752
  * CVE-2023-52837
  * CVE-2023-52846
  * CVE-2023-52881
  * CVE-2024-26745
  * CVE-2024-26923
  * CVE-2024-35789
  * CVE-2024-35861
  * CVE-2024-35862
  * CVE-2024-35864
  * CVE-2024-35869
  * CVE-2024-35950
  * CVE-2024-36894
  * CVE-2024-36899
  * CVE-2024-36904
  * CVE-2024-36940
  * CVE-2024-36964
  * CVE-2024-36971
  * CVE-2024-38541
  * CVE-2024-38545
  * CVE-2024-38559
  * CVE-2024-38560
  * CVE-2024-38564
  * CVE-2024-38578

  
CVSS scores:

  * CVE-2021-47555 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  * CVE-2021-47571 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-47571 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-24023 ( SUSE ):  6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-24023 ( NVD ):  6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-52670 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52752 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52752 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52837 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52846 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52881 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
  * CVE-2024-26745 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26923 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35789 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35861 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35862 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35864 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35869 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-35950 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36894 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36899 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36904 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36940 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  * CVE-2024-36964 ( SUSE ):  7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36971 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-36971 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-38541 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-38545 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-38559 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-38560 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-38564 ( SUSE ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2024-38578 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 28 vulnerabilities and has 13 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

  * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
    (bsc#1225098).
  * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
    (bsc#1225732).
  * CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
  * CVE-2024-35869: smb: client: guarantee refcounted children from parent
    session (bsc#1224679).
  * CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
    BPF_LINK_CREATE (bsc#1226789).
  * CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated
    (bsc#1226785).
  * CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated
    (bsc#1226786).
  * CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
  * CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
  * CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
  * CVE-2024-38541: of: module: add buffer overflow check in of_modalias()
    (bsc#1226587).
  * CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
  * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break()
    (bsc#1224765).
  * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted()
    (bsc#1224764).
  * CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in
    acrn_vm_ram_map() (bsc#1226758).
  * CVE-2024-35861: Fixed potential UAF in
    cifs_signal_cifsd_for_reconnect()(bsc#1224766).
  * CVE-2023-52752: smb: client: fix use-after-free bug in
    cifs_debug_data_proc_show() (bsc#1225487).
  * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify
    (bsc#1225737).
  * CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove()
    (bsc#1224696).
  * CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
  * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000
    (bsc#1225866).
  * CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable()
    (bsc#1225840).
  * CVE-2021-47571: staging: rtl8192e: Fix use after free in
    _rtl92e_pci_disconnect() (bsc#1225518).
  * CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt
    (bsc#1225467).
  * CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
  * CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO
    request complete (bsc#1225749).
  * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex
    (bsc#1224703).
  * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in
    __unix_gc() (bsc#1223384).

The following non-security bugs were fixed:

  * Revert "build initrd without systemd" (bsc#1195775)"
  * cgroup: Add annotation for holding namespace_sem in
    current_cgns_cgroup_from_root() (bsc#1222254).
  * cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show()
    (bsc#1222254).
  * cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
  * cgroup: Remove unnecessary list_empty() (bsc#1222254).
  * cgroup: preserve KABI of cgroup_root (bsc#1222254).
  * ocfs2: adjust enabling place for la window (bsc#1219224).
  * ocfs2: fix sparse warnings (bsc#1219224).
  * ocfs2: improve write IO performance when fragmentation is high
    (bsc#1219224).
  * ocfs2: speed up chain-list searching (bsc#1219224).
  * random: treat bootloader trust toggle the same way as cpu trust toggle
    (bsc#1226953).
  * rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
  * rpm/kernel-obs-build.spec.in: Add networking modules for docker
    (bsc#1226211).
  * scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling
    (bsc#1216124).
  * smb: client: ensure to try all targets when finding nested links
    (bsc#1224020).
  * x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015
    bsc#1226962).
  * xfs: do not include bnobt blocks when reserving free block pool
    (bsc#1226270).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-2495=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2495=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2024-2495=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-2495=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-2495=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-2495=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-2495=1

  * SUSE Linux Enterprise Live Patching 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-2495=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-2495=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2495=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2495=1

  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2495=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2495=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2495=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2495=1

## Package List:

  * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * kernel-default-devel-5.14.21-150400.24.125.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Manager Server 4.3 (ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Manager Server 4.3 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Manager Server 4.3 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.125.1
  * SUSE Manager Server 4.3 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.125.1
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-source-vanilla-5.14.21-150400.24.125.1
    * kernel-docs-html-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-livepatch-devel-5.14.21-150400.24.125.1
    * kernel-debug-devel-5.14.21-150400.24.125.1
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-debug-debugsource-5.14.21-150400.24.125.1
    * kernel-debug-debuginfo-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.125.1
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * kernel-default-base-rebuild-5.14.21-150400.24.125.1.150400.24.60.1
    * kernel-kvmsmall-devel-5.14.21-150400.24.125.1
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-optional-debuginfo-5.14.21-150400.24.125.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-livepatch-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * kselftests-kmp-default-5.14.21-150400.24.125.1
    * dlm-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.125.1
    * cluster-md-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-optional-5.14.21-150400.24.125.1
    * kernel-obs-qa-5.14.21-150400.24.125.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * gfs2-kmp-default-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-extra-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * ocfs2-kmp-default-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-1-150400.9.3.1
    * kernel-livepatch-5_14_21-150400_24_125-default-1-150400.9.3.1
    * kernel-livepatch-SLE15-SP4_Update_28-debugsource-1-150400.9.3.1
  * openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.125.1
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64)
    * kernel-64kb-optional-5.14.21-150400.24.125.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * dtb-freescale-5.14.21-150400.24.125.1
    * dtb-mediatek-5.14.21-150400.24.125.1
    * dtb-socionext-5.14.21-150400.24.125.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.125.1
    * dtb-nvidia-5.14.21-150400.24.125.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.125.1
    * dtb-marvell-5.14.21-150400.24.125.1
    * kselftests-kmp-64kb-5.14.21-150400.24.125.1
    * ocfs2-kmp-64kb-5.14.21-150400.24.125.1
    * dtb-xilinx-5.14.21-150400.24.125.1
    * dtb-renesas-5.14.21-150400.24.125.1
    * dtb-cavium-5.14.21-150400.24.125.1
    * dtb-qcom-5.14.21-150400.24.125.1
    * gfs2-kmp-64kb-5.14.21-150400.24.125.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.125.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.125.1
    * dtb-lg-5.14.21-150400.24.125.1
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.125.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.125.1
    * dtb-rockchip-5.14.21-150400.24.125.1
    * dtb-arm-5.14.21-150400.24.125.1
    * dtb-sprd-5.14.21-150400.24.125.1
    * dtb-amd-5.14.21-150400.24.125.1
    * dtb-amazon-5.14.21-150400.24.125.1
    * dtb-exynos-5.14.21-150400.24.125.1
    * dtb-altera-5.14.21-150400.24.125.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * dlm-kmp-64kb-5.14.21-150400.24.125.1
    * dtb-apple-5.14.21-150400.24.125.1
    * dtb-allwinner-5.14.21-150400.24.125.1
    * dtb-apm-5.14.21-150400.24.125.1
    * kernel-64kb-debugsource-5.14.21-150400.24.125.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * dtb-amlogic-5.14.21-150400.24.125.1
    * kernel-64kb-devel-5.14.21-150400.24.125.1
    * dtb-hisilicon-5.14.21-150400.24.125.1
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-extra-5.14.21-150400.24.125.1
    * dtb-broadcom-5.14.21-150400.24.125.1
  * openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-livepatch-5_14_21-150400_24_125-default-1-150400.9.3.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.125.1
    * kernel-livepatch-SLE15-SP4_Update_28-debugsource-1-150400.9.3.1
    * kernel-default-livepatch-5.14.21-150400.24.125.1
    * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-1-150400.9.3.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
    s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * dlm-kmp-default-5.14.21-150400.24.125.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * gfs2-kmp-default-5.14.21-150400.24.125.1
    * cluster-md-kmp-default-5.14.21-150400.24.125.1
    * ocfs2-kmp-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    nosrc)
    * kernel-64kb-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
    * kernel-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-devel-5.14.21-150400.24.125.1
    * kernel-64kb-debugsource-5.14.21-150400.24.125.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
    * kernel-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-devel-5.14.21-150400.24.125.1
    * kernel-64kb-debugsource-5.14.21-150400.24.125.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * kernel-default-extra-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
    * kernel-64kb-debuginfo-5.14.21-150400.24.125.1
    * kernel-64kb-devel-5.14.21-150400.24.125.1
    * kernel-64kb-debugsource-5.14.21-150400.24.125.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.125.1
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
    x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.125.1
    * reiserfs-kmp-default-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-obs-build-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.125.1
  * SUSE Manager Proxy 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.125.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * kernel-default-devel-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-debugsource-5.14.21-150400.24.125.1
    * kernel-default-debuginfo-5.14.21-150400.24.125.1
    * kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1
    * kernel-default-devel-5.14.21-150400.24.125.1
    * kernel-syms-5.14.21-150400.24.125.1
  * SUSE Manager Proxy 4.3 (noarch)
    * kernel-source-5.14.21-150400.24.125.1
    * kernel-macros-5.14.21-150400.24.125.1
    * kernel-devel-5.14.21-150400.24.125.1

## References:

  * https://www.suse.com/security/cve/CVE-2021-47555.html
  * https://www.suse.com/security/cve/CVE-2021-47571.html
  * https://www.suse.com/security/cve/CVE-2023-24023.html
  * https://www.suse.com/security/cve/CVE-2023-52670.html
  * https://www.suse.com/security/cve/CVE-2023-52752.html
  * https://www.suse.com/security/cve/CVE-2023-52837.html
  * https://www.suse.com/security/cve/CVE-2023-52846.html
  * https://www.suse.com/security/cve/CVE-2023-52881.html
  * https://www.suse.com/security/cve/CVE-2024-26745.html
  * https://www.suse.com/security/cve/CVE-2024-26923.html
  * https://www.suse.com/security/cve/CVE-2024-35789.html
  * https://www.suse.com/security/cve/CVE-2024-35861.html
  * https://www.suse.com/security/cve/CVE-2024-35862.html
  * https://www.suse.com/security/cve/CVE-2024-35864.html
  * https://www.suse.com/security/cve/CVE-2024-35869.html
  * https://www.suse.com/security/cve/CVE-2024-35950.html
  * https://www.suse.com/security/cve/CVE-2024-36894.html
  * https://www.suse.com/security/cve/CVE-2024-36899.html
  * https://www.suse.com/security/cve/CVE-2024-36904.html
  * https://www.suse.com/security/cve/CVE-2024-36940.html
  * https://www.suse.com/security/cve/CVE-2024-36964.html
  * https://www.suse.com/security/cve/CVE-2024-36971.html
  * https://www.suse.com/security/cve/CVE-2024-38541.html
  * https://www.suse.com/security/cve/CVE-2024-38545.html
  * https://www.suse.com/security/cve/CVE-2024-38559.html
  * https://www.suse.com/security/cve/CVE-2024-38560.html
  * https://www.suse.com/security/cve/CVE-2024-38564.html
  * https://www.suse.com/security/cve/CVE-2024-38578.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1195775
  * https://bugzilla.suse.com/show_bug.cgi?id=1216124
  * https://bugzilla.suse.com/show_bug.cgi?id=1218148
  * https://bugzilla.suse.com/show_bug.cgi?id=1219224
  * https://bugzilla.suse.com/show_bug.cgi?id=1220492
  * https://bugzilla.suse.com/show_bug.cgi?id=1222015
  * https://bugzilla.suse.com/show_bug.cgi?id=1222254
  * https://bugzilla.suse.com/show_bug.cgi?id=1222678
  * https://bugzilla.suse.com/show_bug.cgi?id=1223384
  * https://bugzilla.suse.com/show_bug.cgi?id=1224020
  * https://bugzilla.suse.com/show_bug.cgi?id=1224679
  * https://bugzilla.suse.com/show_bug.cgi?id=1224696
  * https://bugzilla.suse.com/show_bug.cgi?id=1224703
  * https://bugzilla.suse.com/show_bug.cgi?id=1224749
  * https://bugzilla.suse.com/show_bug.cgi?id=1224764
  * https://bugzilla.suse.com/show_bug.cgi?id=1224765
  * https://bugzilla.suse.com/show_bug.cgi?id=1224766
  * https://bugzilla.suse.com/show_bug.cgi?id=1224935
  * https://bugzilla.suse.com/show_bug.cgi?id=1225098
  * https://bugzilla.suse.com/show_bug.cgi?id=1225467
  * https://bugzilla.suse.com/show_bug.cgi?id=1225487
  * https://bugzilla.suse.com/show_bug.cgi?id=1225518
  * https://bugzilla.suse.com/show_bug.cgi?id=1225611
  * https://bugzilla.suse.com/show_bug.cgi?id=1225732
  * https://bugzilla.suse.com/show_bug.cgi?id=1225737
  * https://bugzilla.suse.com/show_bug.cgi?id=1225749
  * https://bugzilla.suse.com/show_bug.cgi?id=1225840
  * https://bugzilla.suse.com/show_bug.cgi?id=1225866
  * https://bugzilla.suse.com/show_bug.cgi?id=1226145
  * https://bugzilla.suse.com/show_bug.cgi?id=1226211
  * https://bugzilla.suse.com/show_bug.cgi?id=1226212
  * https://bugzilla.suse.com/show_bug.cgi?id=1226270
  * https://bugzilla.suse.com/show_bug.cgi?id=1226587
  * https://bugzilla.suse.com/show_bug.cgi?id=1226595
  * https://bugzilla.suse.com/show_bug.cgi?id=1226634
  * https://bugzilla.suse.com/show_bug.cgi?id=1226758
  * https://bugzilla.suse.com/show_bug.cgi?id=1226785
  * https://bugzilla.suse.com/show_bug.cgi?id=1226786
  * https://bugzilla.suse.com/show_bug.cgi?id=1226789
  * https://bugzilla.suse.com/show_bug.cgi?id=1226953
  * https://bugzilla.suse.com/show_bug.cgi?id=1226962

SUSE: 2024:2495-1 important: the Linux Kernel Security Advisory Updates

July 16, 2024
* bsc#1195775 * bsc#1216124 * bsc#1218148 * bsc#1219224 * bsc#1220492

Summary

## The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). * CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). * CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). * CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). * CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). * CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). * CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). * CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) * CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). * CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). * CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). * CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). * CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). * CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). * CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). * CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). * CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). * CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). * CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). * CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: * Revert "build initrd without systemd" (bsc#1195775)" * cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). * cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). * cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). * cgroup: Remove unnecessary list_empty() (bsc#1222254). * cgroup: preserve KABI of cgroup_root (bsc#1222254). * ocfs2: adjust enabling place for la window (bsc#1219224). * ocfs2: fix sparse warnings (bsc#1219224). * ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). * ocfs2: speed up chain-list searching (bsc#1219224). * random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). * rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). * rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). * scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). * smb: client: ensure to try all targets when finding nested links (bsc#1224020). * x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). * xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).

References

* bsc#1195775

* bsc#1216124

* bsc#1218148

* bsc#1219224

* bsc#1220492

* bsc#1222015

* bsc#1222254

* bsc#1222678

* bsc#1223384

* bsc#1224020

* bsc#1224679

* bsc#1224696

* bsc#1224703

* bsc#1224749

* bsc#1224764

* bsc#1224765

* bsc#1224766

* bsc#1224935

* bsc#1225098

* bsc#1225467

* bsc#1225487

* bsc#1225518

* bsc#1225611

* bsc#1225732

* bsc#1225737

* bsc#1225749

* bsc#1225840

* bsc#1225866

* bsc#1226145

* bsc#1226211

* bsc#1226212

* bsc#1226270

* bsc#1226587

* bsc#1226595

* bsc#1226634

* bsc#1226758

* bsc#1226785

* bsc#1226786

* bsc#1226789

* bsc#1226953

* bsc#1226962

Cross-

* CVE-2021-47555

* CVE-2021-47571

* CVE-2023-24023

* CVE-2023-52670

* CVE-2023-52752

* CVE-2023-52837

* CVE-2023-52846

* CVE-2023-52881

* CVE-2024-26745

* CVE-2024-26923

* CVE-2024-35789

* CVE-2024-35861

* CVE-2024-35862

* CVE-2024-35864

* CVE-2024-35869

* CVE-2024-35950

* CVE-2024-36894

* CVE-2024-36899

* CVE-2024-36904

* CVE-2024-36940

* CVE-2024-36964

* CVE-2024-36971

* CVE-2024-38541

* CVE-2024-38545

* CVE-2024-38559

* CVE-2024-38560

* CVE-2024-38564

* CVE-2024-38578

CVSS scores:

* CVE-2021-47555 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

* CVE-2021-47571 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2021-47571 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-24023 ( SUSE ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-24023 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-52670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52837 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

* CVE-2024-26745 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35789 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35869 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36894 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36940 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-38541 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-38545 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-38560 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-38564 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

* CVE-2024-38578 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* openSUSE Leap 15.4

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise High Availability Extension 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

* SUSE Linux Enterprise Live Patching 15-SP4

* SUSE Linux Enterprise Micro 5.3

* SUSE Linux Enterprise Micro 5.4

* SUSE Linux Enterprise Micro for Rancher 5.3

* SUSE Linux Enterprise Micro for Rancher 5.4

* SUSE Linux Enterprise Real Time 15 SP4

* SUSE Linux Enterprise Server 15 SP4

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

* SUSE Manager Proxy 4.3

* SUSE Manager Retail Branch Server 4.3

* SUSE Manager Server 4.3

An update that solves 28 vulnerabilities and has 13 security fixes can now be

installed.

##

* https://www.suse.com/security/cve/CVE-2021-47555.html

* https://www.suse.com/security/cve/CVE-2021-47571.html

* https://www.suse.com/security/cve/CVE-2023-24023.html

* https://www.suse.com/security/cve/CVE-2023-52670.html

* https://www.suse.com/security/cve/CVE-2023-52752.html

* https://www.suse.com/security/cve/CVE-2023-52837.html

* https://www.suse.com/security/cve/CVE-2023-52846.html

* https://www.suse.com/security/cve/CVE-2023-52881.html

* https://www.suse.com/security/cve/CVE-2024-26745.html

* https://www.suse.com/security/cve/CVE-2024-26923.html

* https://www.suse.com/security/cve/CVE-2024-35789.html

* https://www.suse.com/security/cve/CVE-2024-35861.html

* https://www.suse.com/security/cve/CVE-2024-35862.html

* https://www.suse.com/security/cve/CVE-2024-35864.html

* https://www.suse.com/security/cve/CVE-2024-35869.html

* https://www.suse.com/security/cve/CVE-2024-35950.html

* https://www.suse.com/security/cve/CVE-2024-36894.html

* https://www.suse.com/security/cve/CVE-2024-36899.html

* https://www.suse.com/security/cve/CVE-2024-36904.html

* https://www.suse.com/security/cve/CVE-2024-36940.html

* https://www.suse.com/security/cve/CVE-2024-36964.html

* https://www.suse.com/security/cve/CVE-2024-36971.html

* https://www.suse.com/security/cve/CVE-2024-38541.html

* https://www.suse.com/security/cve/CVE-2024-38545.html

* https://www.suse.com/security/cve/CVE-2024-38559.html

* https://www.suse.com/security/cve/CVE-2024-38560.html

* https://www.suse.com/security/cve/CVE-2024-38564.html

* https://www.suse.com/security/cve/CVE-2024-38578.html

* https://bugzilla.suse.com/show_bug.cgi?id=1195775

* https://bugzilla.suse.com/show_bug.cgi?id=1216124

* https://bugzilla.suse.com/show_bug.cgi?id=1218148

* https://bugzilla.suse.com/show_bug.cgi?id=1219224

* https://bugzilla.suse.com/show_bug.cgi?id=1220492

* https://bugzilla.suse.com/show_bug.cgi?id=1222015

* https://bugzilla.suse.com/show_bug.cgi?id=1222254

* https://bugzilla.suse.com/show_bug.cgi?id=1222678

* https://bugzilla.suse.com/show_bug.cgi?id=1223384

* https://bugzilla.suse.com/show_bug.cgi?id=1224020

* https://bugzilla.suse.com/show_bug.cgi?id=1224679

* https://bugzilla.suse.com/show_bug.cgi?id=1224696

* https://bugzilla.suse.com/show_bug.cgi?id=1224703

* https://bugzilla.suse.com/show_bug.cgi?id=1224749

* https://bugzilla.suse.com/show_bug.cgi?id=1224764

* https://bugzilla.suse.com/show_bug.cgi?id=1224765

* https://bugzilla.suse.com/show_bug.cgi?id=1224766

* https://bugzilla.suse.com/show_bug.cgi?id=1224935

* https://bugzilla.suse.com/show_bug.cgi?id=1225098

* https://bugzilla.suse.com/show_bug.cgi?id=1225467

* https://bugzilla.suse.com/show_bug.cgi?id=1225487

* https://bugzilla.suse.com/show_bug.cgi?id=1225518

* https://bugzilla.suse.com/show_bug.cgi?id=1225611

* https://bugzilla.suse.com/show_bug.cgi?id=1225732

* https://bugzilla.suse.com/show_bug.cgi?id=1225737

* https://bugzilla.suse.com/show_bug.cgi?id=1225749

* https://bugzilla.suse.com/show_bug.cgi?id=1225840

* https://bugzilla.suse.com/show_bug.cgi?id=1225866

* https://bugzilla.suse.com/show_bug.cgi?id=1226145

* https://bugzilla.suse.com/show_bug.cgi?id=1226211

* https://bugzilla.suse.com/show_bug.cgi?id=1226212

* https://bugzilla.suse.com/show_bug.cgi?id=1226270

* https://bugzilla.suse.com/show_bug.cgi?id=1226587

* https://bugzilla.suse.com/show_bug.cgi?id=1226595

* https://bugzilla.suse.com/show_bug.cgi?id=1226634

* https://bugzilla.suse.com/show_bug.cgi?id=1226758

* https://bugzilla.suse.com/show_bug.cgi?id=1226785

* https://bugzilla.suse.com/show_bug.cgi?id=1226786

* https://bugzilla.suse.com/show_bug.cgi?id=1226789

* https://bugzilla.suse.com/show_bug.cgi?id=1226953

* https://bugzilla.suse.com/show_bug.cgi?id=1226962

Severity
Announcement ID: SUSE-SU-2024:2495-1
Rating: important

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved