Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 15 SP4: 2024:3780-1 important: multiple security fixes

suse
Calendar Grey October 30, 2024
Dist Suse Esm H88
Essential Linux Kernel patch addresses several security flaws, with a focus on use-after-free vulnerabilities. Take immediate action!
* bsc#1223683 * bsc#1225099 * bsc#1225309 * bsc#1225310 * bsc#1225311

Summary

## This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues. The following security issues were fixed: * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * Intermittent nfs mount failures (may be due to SUNRPC over UDP) (bsc#1231353) * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).

Topics%20covered

Topics Covered

security advisory kernel patch server important SUSE use-after-free live patching

References

* bsc#1223683

* bsc#1225099

* bsc#1225309

* bsc#1225310

* bsc#1225311

* bsc#1225312

* bsc#1225739

* bsc#1225819

* bsc#1226325

* bsc#1227471

* bsc#1228573

* bsc#1228786

* bsc#1231353

Cross-

* CVE-2021-47598

* CVE-2023-52752

* CVE-2023-52846

* CVE-2024-26923

* CVE-2024-35861

* CVE-2024-35862

* CVE-2024-35864

* CVE-2024-35950

* CVE-2024-36899

* CVE-2024-36964

* CVE-2024-40954

* CVE-2024-41059

CVSS scores:

* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3780-1
Release Date: 2024-10-29T20:48:12Z
Rating: important

Topics%20covered

Topics Covered

security advisory kernel patch server important SUSE use-after-free live patching

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here